From owner-freebsd-questions@freebsd.org Mon Jan 14 02:00:30 2019
Subject: Re: OPNsense
To: byrnejb@harte-lyne.ca, freebsd-questions@freebsd.org
From: John Johnstone
Date: Sun, 13 Jan 2019 21:00:12 -0500
Message-ID: <9c6ca7b7-1518-7297-6d50-625c7eb35c96@tridentusa.com>
In-Reply-To: <647ac45684fa13349cb3e3d833e0c405.squirrel@webmail.harte-lyne.ca>
List-Id: User questions

On 1/11/19 4:21 PM, James B. Byrne via freebsd-questions wrote:
> However, I have a few reservations about the OPNsense appliance even
> before I test it. Specifically, the apparent lack of any way to
> black-hole repetitive logon attempts to various exposed services.
>
> Does anyone here employ OPNsense as their corporate firewall? What
> are the best and worst features of the product? Are there ways to
> configure OPNsense to block repetitive initiations of new connections?

This question would probably be better someplace specific to OPNsense.

Since OPNsense is a fork of pfSense, the two are probably similar in their way of configuring rules. In pfSense there are advanced options for a rule where you can configure a maximum number of connections per host within a maximum number of seconds.

Firewall > Rules > Edit > Advanced Options

This is rate-limiting for TCP connections where only source IP address and destination port are tracked. This won't be effective against botnet / Amazon hosted type attempts where every attempt, or at most just a few, comes from a unique IP address.

There are higher level rules in the ET rulesets if you are using them, but that's a huge topic all by itself.

pfSense has been used here for about 4 years with excellent results.

- John J.
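The rate-limiting John describes (a maximum number of new connections per host within a window of seconds, keyed only on source IP and destination port) is easy to reason about with a small model. The following is an added illustration, not pfSense, pf or OPNsense code: it counts new connections per (source, destination port) inside a sliding window, moves a source that exceeds the limit into an overload table, and then runs two constructed attempt logs through it, one host hammering port 22 and the same number of attempts spread across unique addresses. The rule parameters, addresses and timestamps are constructed for the example.

```python
"""Model of per-source connection rate limiting as described in the post.

Added illustration, not pfSense/pf code. Semantics modelled:
  - key: (source IP, destination port), nothing else is tracked
  - limit: at most max_conns new connections within window_secs
  - a source over the limit goes into an overload table and every later
    attempt from it is dropped
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class RateLimitRule:
    max_conns: int        # "maximum number of connections per host"
    window_secs: float    # "within a maximum number of seconds"
    # sources that exceeded the limit (the overload table)
    overload: set = field(default_factory=set)
    # (src, dport) -> timestamps of recent new connections
    history: dict = field(default_factory=lambda: defaultdict(deque))

    def admit(self, ts, src, dport):
        """Return True if a new connection is allowed, False if dropped."""
        if src in self.overload:
            return False
        q = self.history[(src, dport)]
        # forget attempts that fell out of the sliding window
        while q and ts - q[0] > self.window_secs:
            q.popleft()
        q.append(ts)
        if len(q) > self.max_conns:
            # too many new connections in the window: overload this source
            self.overload.add(src)
            q.clear()
            return False
        return True


def run(attempts, max_conns, window_secs):
    """Feed (timestamp, src_ip, dst_port) attempts through one rule."""
    rule = RateLimitRule(max_conns, window_secs)
    allowed = dropped = 0
    for ts, src, dport in attempts:
        if rule.admit(ts, src, dport):
            allowed += 1
        else:
            dropped += 1
    return {"allowed": allowed, "dropped": dropped, "blocked": sorted(rule.overload)}


# Constructed attempt logs: (timestamp in seconds, source IP, destination port).
# Case 1: a single host opens a new connection to port 22 every second.
SINGLE_SOURCE = [(t, "203.0.113.7", 22) for t in range(20)]

# Case 2: the same 20 attempts, each arriving from a different address.
DISTRIBUTED = [(t, f"198.51.100.{t + 1}", 22) for t in range(20)]

if __name__ == "__main__":
    # Limit of 5 new connections per host within 30 seconds.
    print("single source:", run(SINGLE_SOURCE, max_conns=5, window_secs=30))
    print("distributed:  ", run(DISTRIBUTED, max_conns=5, window_secs=30))
```

With a limit of 5 connections in 30 seconds, the single source is admitted five times and then dropped for the rest of the run, while the distributed set never trips the limit because each (source, port) key only ever sees one attempt. That is exactly the weakness the post points out: a per-source counter has nothing to count when every attempt comes from a fresh address, so the rule option is a useful brake on one noisy host and nothing more.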