Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense as firewall good or not good?

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 5 Posters 3.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      blackmetal
      last edited by

      Hi,
      we have about 3 full rack in a datacenter and we want use pfsense as transparent firewall for manage our network traffic and block some connections and prevent dos , so we decide use pfsense with rackmount server (e3-1220/4g ram/with ssd hard drive), so my questions are :
      1. how many rules it can handle without problem?
      2. can it handle about 200 firewall rules withno problem?
      3. if i receive too much packets (pps or bps attack) it does not goes down?
      4. it does not cause any other problem for my network?

      our average uplink usages is about 30~35mbit but some times we have peak about 300-400mbit ,

      i want know is it good that use pfsense as firewall for my network ?
      if i receive dos attack ccr does not failed and goes high load?
      thanks,

      1 Reply Last reply Reply Quote 0
      • N Offline
        Nullity
        last edited by

        1. Dunno.
        2. Yes.
        3. Too many packets will always be "too many." Impossible to answer.
        4. It causes as many problems as the admin allows.

        If ddos is a concern, a hardware firewall may be best.

        I think you need to spend a day or two reading about pfSense and return with better questions. Search Google, the wiki, and this forum. Good luck. :)

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramous.

        1 Reply Last reply Reply Quote 0
        • B Offline
          blackmetal
          last edited by

          i am searching about pfsense about 2 days but i could not findout pfsense is good for me or use mikrotik ccr 1016 as firewall but i am sure %90 about pfsense,
          can add pfsense rule that if destination 1.2.3.4 reciev more than 500 pps from source ip 4.3.2.1 then blocked those packets is more than 500?
          thnas,

          1 Reply Last reply Reply Quote 0
          • M Offline
            mer
            last edited by

            @blackmetal:

            i am searching about pfsense about 2 days but i could not findout pfsense is good for me or use mikrotik ccr 1016 as firewall but i am sure %90 about pfsense,
            can add pfsense rule that if destination 1.2.3.4 reciev more than 500 pps from source ip 4.3.2.1 then blocked those packets is more than 500?
            thnas,

            I believe that if you have a specific pass rule for that traffic, you can add qualifiers like Max Connections Per Second will will put the offending IP into a table for blocking.

            1 Reply Last reply Reply Quote 0
            • B Offline
              blackmetal
              last edited by

              when pfsense block ip can we see which IPs is blocked?

              1 Reply Last reply Reply Quote 0
              • F Offline
                fragged
                last edited by

                @blackmetal:

                when pfsense block ip can we see which IPs is blocked?

                You can set logging enabled/disabled for each firewall rule (+ default allow/block rules).

                1 Reply Last reply Reply Quote 0
                • B Offline
                  blackmetal
                  last edited by

                  can i know what is your suggestions between pfsense and mikrotik ccr 1016-12g and why ?

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    muswellhillbilly
                    last edited by

                    http://wiki.mikrotik.com/wiki/Manual:RouterOS_features

                    https://www.pfsense.org/about-pfsense/features.html

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.