Date: Sun, 13 Jan 2019 21:00:12 -0500
From: John Johnstone <jjohnstone.nospamfreebsd@tridentusa.com>
To: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
Subject: Re: OPNsense
Message-ID: <9c6ca7b7-1518-7297-6d50-625c7eb35c96@tridentusa.com>
In-Reply-To: <647ac45684fa13349cb3e3d833e0c405.squirrel@webmail.harte-lyne.ca>
References: <647ac45684fa13349cb3e3d833e0c405.squirrel@webmail.harte-lyne.ca>
On 1/11/19 4:21 PM, James B. Byrne via freebsd-questions wrote:
> However, I have a few reservations about the OPNsense appliance even
> before I test it. Specifically the apparent lack of any way to
> black-hole repetitive logon attempts to various exposed services.
>
> Does anyone here employ OPNsense as their corporate firewall? What
> are the best and worst features of the product? Are there ways to
> configure OPNsense to block repetitive initiations of new connections?

This question would probably be better someplace specific to OPNsense.

Since OPNsense is a fork of pfSense the two are probably similar in their way of configuring rules. In pfSense there are advanced options for a rule where you can configure a maximum number of connections per host within a maximum number of seconds.

Firewall > Rules > Edit > Advanced Options

This is rate-limiting for TCP connections where only source IP address and destination port are tracked. This won't be effective against botnet / Amazon hosted type attempts where every attempt, or at most just a few, comes from a unique IP address.

There are higher level rules in the ET rulesets if you are using them but that's a huge topic all by itself.

pfSense has been used here for about 4 years with excellent results.

- John J.
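What the per-host connection limits described in the reply above look like at the pf level, as an added illustration (a hand-written pf.conf fragment, not the rules pfSense or OPNsense generate; the interface name em0, the table name bruteforce, the port and the thresholds are assumptions):

```pf
# Added example: hand-written pf.conf, not generated by pfSense/OPNsense.
# Assumptions: external interface em0, SSH exposed on port 22,
# offenders collected in a table named <bruteforce>.
ext_if = "em0"

# Table of source addresses that exceeded a limit; "persist" keeps it
# defined even while it is empty.
table <bruteforce> persist

# Sources already in the table are dropped before any pass rule is checked.
block in quick on $ext_if from <bruteforce>

# Rate-limited pass rule. State is tracked per source IP for this port,
# which is exactly the "source address + destination port" granularity
# the reply describes:
#   max-src-conn 10        - at most 10 concurrent established connections
#                            from one source address
#   max-src-conn-rate 5/30 - at most 5 new connections from one source
#                            address in any 30-second window
#   overload <bruteforce>  - a source exceeding either limit is added to
#                            the table
#   flush global           - and all of its existing states, on any rule,
#                            are torn down at the same time
pass in on $ext_if proto tcp to ($ext_if) port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

# Limitation, matching the reply: a distributed campaign in which each
# source address makes only one or two attempts never crosses a per-source
# threshold, so nothing is ever added to the table.
```

Entries can be inspected with `pfctl -t bruteforce -T show` and aged out with `pfctl -t bruteforce -T expire 3600` (seconds since the entry was last referenced), so a firewall management process or cron job is needed if blocks should not be permanent.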