Last night I finally took the time to learn what the “advanced” options are in the pfsense firewall rule form. You know the ones, these guys:

I finally got fed up after one too many misbehaving bot caused one of my Apache servers to spawn way too many instances.

Basically, all I learned is thanks to: https://calomel.org/pf_config.html and a little from http://www.openbsd.org/faq/pf/config.html.

To make the connection between the calomel explanations and the pfsense descriptions, I ran pfctl -sr and gathered this information:

max-src-states 120, max-src-conn-rate 30/100, max-src-nodes 10000 overload <virusprot> flush global, tcp.established 5, src.track 100

The following is a rough idea of the settings I’m using, with additional notes of mine in bold to remind me of why I set the numbers the way I did. Also, based on the recommendation of calomel, I’m using synproxy state. I should also mention that this is just an HTTP rule!

Advanced Options

Simultaneous client connection limit 10000 number of ip addresses which can connect

Maximum state entries per host 120 40 established states at a time (3 per established roughly)

Maximum new connections / per second 30 / 100 seconds this is per ip!?!

State Timeout in seconds 5 (Varnish default timeout)

¥