
Author Topic: Firewall feature like iptables -m recent  (Read 756 times)


Offline FJS

Firewall feature like iptables -m recent
« on: April 25, 2012, 01:43:09 pm »
I am not sure if there is some hidden functionality already in place but with all of the DDoS attacks out there I thought maybe this would be a good feature for the future.

iptables has a -m recent module to control connections from IPs based on a time period. So if a source makes too many requests within a period it will block them. Quite useful in resource exhaustion type attacks/DDoS.

Just a thought.
FJS - Embedded Systems Engineer
Pictures are worth a thousand words, but posting config.xml backups are worth 10,000.  Alter the IPs, change anything revealing but leave subnets intact. Use find and replace. Please try to keep it brief on the description.
ALWAYS disable TSO  & LRO EXCEPT CHKSUM IF SUPPORTED. TSO/LRO breaks traffic, pf scrub and this goes for any passive device inline
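
The per-source time-window behaviour described in the post above, as an added example that is not part of the thread and is not iptables or pfSense code: a simplified Python model of a `--set` rule followed by `--update --seconds 60 --hitcount 4 -j DROP`, replayed over constructed connection events. The class and function names, the `max_sources` bound and the sample addresses are assumptions made for illustration.

```python
from collections import OrderedDict, deque


class RecentList:
    """Simplified per-source sliding window (illustrative model, not kernel code)."""

    def __init__(self, seconds, hitcount, max_sources=1024):
        self.seconds = seconds          # length of the window
        self.hitcount = hitcount        # hits inside the window that trigger a drop
        self.max_sources = max_sources  # hypothetical bound on tracked sources
        self.seen = OrderedDict()       # source IP -> deque of hit timestamps

    def check(self, src, now):
        """Record a new connection from src at time now; return the verdict."""
        stamps = self.seen.pop(src, None)
        if stamps is None:
            stamps = deque()
            if len(self.seen) >= self.max_sources:
                # Evict the least recently seen source so a flood of distinct
                # (possibly spoofed) addresses cannot grow the table forever.
                self.seen.popitem(last=False)
        self.seen[src] = stamps         # re-insert as most recently seen
        stamps.append(now)              # every attempt is recorded, even dropped ones
        while now - stamps[0] > self.seconds:
            stamps.popleft()            # forget hits that fell out of the window
        return "DROP" if len(stamps) >= self.hitcount else "ACCEPT"


# Constructed sample events: (time in seconds, source IP). The addresses come
# from the documentation ranges and do not appear in the thread.
EVENTS = [
    (0, "198.51.100.7"), (1, "198.51.100.7"), (2, "203.0.113.5"),
    (3, "198.51.100.7"), (4, "198.51.100.7"), (30, "203.0.113.5"),
    (40, "198.51.100.7"), (110, "198.51.100.7"),
]


def replay(events, seconds=60, hitcount=4):
    """Run the events through one RecentList and return (time, src, verdict)."""
    limiter = RecentList(seconds, hitcount)
    return [(t, src, limiter.check(src, t)) for t, src in events]


if __name__ == "__main__":
    for t, src, verdict in replay(EVENTS):
        print(f"{t:>4}s  {src:<15} {verdict}")
```

Because dropped attempts are still recorded, a source that keeps retrying stays blocked until it has been quiet for a full window; the slow source is never affected.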

Offline podilarius

Re: Firewall feature like iptables -m recent
« Reply #1 on: April 25, 2012, 03:58:23 pm »
If you look in the rule properties in the Advanced feature -> Advanced options section, I think you will find what you are looking for.

Offline FJS

Re: Firewall feature like iptables -m recent
« Reply #2 on: April 25, 2012, 04:55:40 pm »
If you look in the rule properties in the Advanced feature -> Advanced options section, I think you will find what you are looking for.

Thanks a bunch podilarius. Been busy lately but I sure miss these forums and trying to help out when I can. Between the creators of pfSense and people like you supporting it, sure makes a great system.