jjohnstone.nospamfreebsd at tridentusa.com
Mon Jan 14 02:00:30 UTC 2019
On 1/11/19 4:21 PM, James B. Byrne via freebsd-questions wrote:
> However, I have a few reservations about the OPNsense appliance even
> before I test it. Specifically the apparent lack of any way to
> black-hole repetitive logon attempts to various exposed services.
> Does anyone here employ OPNsense as their corporate firewall? What
> are the best and worst features of the product? Are there ways to
> configure OPNsense to block repetitive initiations of new connections?
This question would probably be better someplace specific to OPNsense.
Since OPNsense is a fork of pfSense the two are probably similar in
their way of configuring rules. In pfSense there are advanced options
for a rule where you can configure a maximum number of connections per
host within a maximum number of seconds.
Firewall > Rules > Edit > Advanced Options
This is rate-limiting for TCP connections where only source IP address
and destination port are tracked. This won't be effective against
botnet / Amazon hosted type attempts where every attempt, or at most
just a few, comes from a unique IP address. There are higher level
rules in the ET rulesets if you are using them but that's a huge topic
all by itself.
pfSense has been used here for about 4 years with excellent results.
More information about the freebsd-questions