Netgate Discussion Forum

    Floating Rules question - limit Wan source connections

    cr_hyland

      This is my first time to use Floating Rules.
      We have a fully routed pfSense setup with no NAT.

      We have recently experienced several DDoS attacks and just this morning a DoS Amplification attack.

      What we want to do is add floating rules to use specific queues in our shaper but more importantly to limit the amount of new connections per second an external IP can open coming in on our WAN.
      We also want to apply a similar rule so that LAN hosts can only open a certain amount of new connections to a destination IP per second, to help combat DoS Amplification attacks.

      The problem/confusion here is that we have hundreds of very specific rules controlling inbound traffic from our WAN to our LAN, and we don't want the floating rules to interfere with the block/allow rules, just to limit new connections per second.

      We could go and edit each rule individually to set the limits but that is going to take a long time and any adjustments would be a headache to maintain.

      Has anyone any suggestions or experience with a similar situation?

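For reference, this is what the two pieces the post asks about look like at the pf(4) ruleset level that pfSense generates from floating rules: a non-terminating queue assignment, and per-source state limits that feed an overload table. It is an added illustration, not the poster's configuration or pfSense's actual generated output; the interface, network, host and queue names are assumed.

```pf
# Added illustration of the pf(4) syntax behind pfSense floating rules.
# Assumed names: $wan_if, $lan_if, $lan_net, $web_srv, queues qWANin/qLANout.
# pfSense keeps sources that trip an overload limit in its <virusprot> table.

table <virusprot> persist

# 1. Drop traffic from an already-overloaded source before anything else.
#    "quick" makes this rule terminating, so it is the one floating rule
#    that has to sit at the top.
block in quick from <virusprot> to any

# 2. Queue assignment only. A "match" rule is never terminating: it tags the
#    packet with a queue and evaluation continues to the interface rules, so
#    the existing pass/block decisions are left untouched.
match in  on $wan_if proto tcp from any to $lan_net queue (qWANin)
match out on $wan_if proto tcp from $lan_net to any queue (qLANout)

# 3. Per-source rate limits are state options, so they live on the pass rule
#    that creates the state. Here: at most 20 new TCP connections from one
#    source in any 5 second window (max-src-conn-rate counts TCP only). A
#    source that exceeds it is added to <virusprot> and all of its existing
#    states are flushed.
pass in on $wan_if proto tcp from any to $web_srv port 443 flags S/SA \
    keep state (max-src-conn-rate 20/5, overload <virusprot> flush global)

# 4. UDP has no handshake, so cap concurrent states per source instead
#    (max-src-states applies to any protocol). The same construct on the LAN
#    side bounds how many outbound states one internal host can hold open,
#    which is what limits its usefulness for amplification.
pass in on $lan_if proto udp from $lan_net to any \
    keep state (max-src-states 100, overload <virusprot> flush global)
```

Note that the limits in rules 3 and 4 attach to whichever pass rule ends up creating the state: in pf the last matching rule wins unless one is marked quick, so a non-quick floating pass rule is overridden by any later interface rule that also matches the packet, which is why the limits cannot simply be layered on top of existing rules.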
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.