John Johnstone jjohnstone.nospamfreebsd at tridentusa.com
Mon Jan 14 02:00:30 UTC 2019

On 1/11/19 4:21 PM, James B. Byrne via freebsd-questions wrote:

> However,  I have a few reservations about the OPNsense appliance even
> before I test it.  Specifically the apparent lack of any way to
> black-hole repetitive logon attempts to various exposed services.
> Does anyone here employ OPNsense as their corporate firewall?  What
> are the best and worst features of the product?  Are there ways to
> configure OPNsense to block repetitive initiations of new connections?

This question would probably be better someplace specific to OPNsense. 
Since OPNsense is a fork of pfSense the two are probably similar in 
their way of configuring rules.  In pfSense there are advanced options 
for a rule where you can configure a maximum number of connections per 
host within a maximum number of seconds.

Firewall > Rules > Edit > Advanced Options

This is rate-limiting for TCP connections where only source IP address 
and destination port are tracked.  This won't be effective against 
botnet / Amazon hosted type attempts where every attempt, or at most 
just a few, comes from a unique IP address.  There are higher level 
rules in the ET rulesets if you are using them but that's a huge topic 
all by itself.

pfSense has been used here for about 4 years with excellent results.

John J.

More information about the freebsd-questions mailing list