Last night I finally took the time to learn what the “advanced” options are in the pfSense firewall rule form. You know the ones, these guys:
I finally got fed up after one too many misbehaving bots caused one of my Apache servers to spawn way too many instances.
To make the connection between the calomel explanations and the pfSense descriptions, I ran pfctl -sr and gathered this information:
max-src-states 120, max-src-conn-rate 30/100, max-src-nodes 10000 overload <virusprot> flush global, tcp.established 5, src.track 100
The following is a rough idea of the settings I’m using, with additional notes of mine after each setting to remind me of why I set the numbers the way I did. Also, based on the recommendation of calomel, I’m using synproxy state. I should also mention that this is just an HTTP rule!
Simultaneous client connection limit: 10000. Note: number of IP addresses which can connect.
Maximum state entries per host: 120. Note: 40 established states at a time (3 per established, roughly).
Maximum new connections / per second: 30 / 100 seconds. Note: this is per IP!?!
State Timeout in seconds: 5. Note: Varnish default timeout.
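Added example, not part of the original post and not pfSense or pf code: a small Python script that parses the option string exactly as pfctl -sr printed it above, maps each pf keyword to the GUI label used in the list, and approximates the per-source max-src-conn-rate check over a few constructed connection events so the "this is per IP" point is visible (only the bot address trips the 30-in-100-seconds limit, while a slow crawler that opens more connections overall does not). The label I attach to src.track, the sample addresses and timings, and the sliding-window approximation of pf's internal counter are assumptions of mine.

```python
# Added example (not from the original post): parse the option string that
# `pfctl -sr` prints for a rule, map each pf keyword to the pfSense GUI label
# it corresponds to, and approximate how `max-src-conn-rate 30/100` decides
# which source addresses get pushed into the <virusprot> overload table.
import re
from collections import defaultdict, deque

# pf keyword -> label in the pfSense rule form "Advanced Options" section.
# The src.track label is my wording (assumption); the others are the form's.
PF_TO_GUI = {
    "max-src-nodes": "Simultaneous client connection limit",
    "max-src-states": "Maximum state entries per host",
    "max-src-conn-rate": "Maximum new connections / per second(s)",
    "tcp.established": "State Timeout in seconds",
    "src.track": "Source tracking timeout (set alongside the rate limit)",
}

# Option string copied from the post's `pfctl -sr` output.
SAMPLE_OPTIONS = ("max-src-states 120, max-src-conn-rate 30/100, "
                  "max-src-nodes 10000 overload <virusprot> flush global, "
                  "tcp.established 5, src.track 100")


def parse_pf_options(option_str):
    """Turn 'key value[, key value ...]' into a dict.

    'a/b' values (rate limits) become (a, b) tuples; an 'overload <table>
    [flush [global]]' clause is recorded under the key 'overload'.
    """
    opts = {}
    for segment in option_str.split(","):
        tokens = segment.split()
        if not tokens:
            continue
        key, value = tokens[0], tokens[1]
        if "/" in value:
            limit, secs = value.split("/")
            opts[key] = (int(limit), int(secs))
        else:
            opts[key] = int(value)
        if "overload" in tokens:
            i = tokens.index("overload")
            opts["overload"] = {
                "table": tokens[i + 1].strip("<>"),
                "flush": "flush" in tokens,    # kill the offender's states
                "global": "global" in tokens,  # ...from every rule, not just this one
            }
    return opts


def describe(opts):
    """Render parsed options as 'GUI label: value' lines for a human."""
    lines = []
    for key, value in opts.items():
        if key == "overload":
            mode = " flush global" if value["global"] else (" flush" if value["flush"] else "")
            lines.append(f"Overload table: <{value['table']}>{mode}")
            continue
        shown = f"{value[0]} / {value[1]} seconds" if isinstance(value, tuple) else str(value)
        lines.append(f"{PF_TO_GUI.get(key, key)}: {shown}")
    return lines


def simulate_conn_rate(events, limit, seconds):
    """Approximate pf's per-source new-connection rate limit.

    events: (timestamp_seconds, src_ip) pairs for NEW connections, any order.
    Returns the set of sources that opened more than `limit` connections
    inside any `seconds`-long window. pf would add those addresses to the
    overload table (and, with 'flush global', drop all their states).
    Assumption: a sliding window is used here; the kernel actually keeps a
    decaying counter per source, so edge cases can differ slightly.
    """
    windows = defaultdict(deque)
    overloaded = set()
    for ts, src in sorted(events):
        recent = windows[src]
        while recent and ts - recent[0] > seconds:
            recent.popleft()          # drop connections older than the window
        recent.append(ts)
        if len(recent) > limit:       # the (limit+1)th connection trips it
            overloaded.add(src)
    return overloaded


# Constructed traffic (TEST-NET addresses, not real clients):
#  - 198.51.100.10: a browser, 10 connections spread over 100 s
#  - 198.51.100.20: a slow crawler, 35 connections at one every 10 s
#  - 203.0.113.7:   a misbehaving bot, 40 connections in 20 s
SAMPLE_EVENTS = (
    [(t * 11.0, "198.51.100.10") for t in range(10)]
    + [(t * 10.0, "198.51.100.20") for t in range(35)]
    + [(t * 0.5, "203.0.113.7") for t in range(40)]
)

if __name__ == "__main__":
    parsed = parse_pf_options(SAMPLE_OPTIONS)
    for line in describe(parsed):
        print(line)
    limit, secs = parsed["max-src-conn-rate"]
    print("would be overloaded:", simulate_conn_rate(SAMPLE_EVENTS, limit, secs))
```

The crawler never has more than 11 connections inside any 100-second window, so it stays under the 30 limit even though it opens more connections in total than the bot; that is what makes the limit a per-source rate rather than a global cap. The flush global flag is worth keeping in mind when tuning: once a source trips the limit, every state it holds, under any rule, is torn down, so a limit set too low will cut off legitimate clients mid-session rather than just slowing them.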