OPNsense Forum

English Forums => 22.7 Production Series => Topic started by: opnsenseuser on August 07, 2022, 06:41:57 pm

Title: Anti DDOS - Firewall Advanced Settings
Post by: opnsenseuser on August 07, 2022, 06:41:57 pm
1. What is the difference between the 3 setting options of Anti DDOS?
2. Can someone explain when it makes sense to activate Anti DDOS or what should be considered when activating it?
3. Is there a documentary about it?
4. Is there a log?

thx
Title: Re: Anti DDOS - Firewall Advanced Settings
Post by: xpendable on August 07, 2022, 07:07:29 pm
As far as I know, it's all based around the usage of the state table; if there is a DDOS attack, your state table would start to fill up with waiting connections. See this previous link with some explanation of each setting: https://forum.opnsense.org/index.php?topic=28579.0

I have mine set to adaptive with the default values. FYI, I noticed a while back that if you set syncookies to always, the zenarmor console would fail to load. I reported that to the zenarmor team but don't know if they ever created a workaround for that issue.
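
To see how close the state table is to its limit, the check below parses the text of `pfctl -si` and `pfctl -sm`. It is an added example, not part of the original posts or of OPNsense's own tooling. The function names, the sample output and the alert threshold are assumptions, and the figure is the total state count, not only half-open connections.

```shell
#!/bin/sh
# Report pf state-table usage from the text of `pfctl -si` and `pfctl -sm`.

# Constructed sample output (not captured from a real firewall).
SAMPLE_INFO='State Table                          Total             Rate
  current entries                    81234
  searches                        91823412         1021.3/s
  inserts                           412345            4.6/s
  removals                          331111            3.7/s'
SAMPLE_LIMITS='states        hard limit   100000
src-nodes     hard limit   100000
frags         hard limit     5000
table-entries hard limit  1000000'

# state_usage INFO LIMITS -> prints "current limit percent"; returns 2 on parse failure
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" && $2 == "hard" { print $4; exit }')
    # Refuse empty or non-numeric fields instead of reporting a bogus percentage.
    for v in "$cur" "$lim"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$lim" -gt 0 ] || return 2
    echo "$cur $lim $(( cur * 100 / lim ))"
}

# state_alert INFO LIMITS THRESHOLD_PERCENT -> returns 0 when usage >= threshold
# (the threshold is a hypothetical monitoring value, not a pf setting)
state_alert() {
    usage=$(state_usage "$1" "$2") || return 2
    pct=${usage##* }
    [ "$pct" -ge "$3" ]
}

# Demo on the constructed sample. On the firewall itself, run as root:
#   state_usage "$(pfctl -si)" "$(pfctl -sm)"
state_usage "$SAMPLE_INFO" "$SAMPLE_LIMITS"
```
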
Title: Re: Anti DDOS - Firewall Advanced Settings
Post by: Supermule on August 07, 2022, 07:56:48 pm
Problem is that it doesn't help with DDoS.

You can easily make an L7 Denial of Service without the state table filling up in the FW.
Title: Re: Anti DDOS - Firewall Advanced Settings
Post by: opnsenseuser on August 07, 2022, 08:53:48 pm
Thank you both for the information.
I don't think I use it. Seems to be more of a problem, at least in terms of compatibility and performance and purpose, than useful.

Title: Re: Anti DDOS - Firewall Advanced Settings
Post by: Supermule on August 07, 2022, 09:32:59 pm
Suricata detects DDoS as well and can handle them quite well running inline.

Issue with that is that the logs can't be written fast enough and it kills the FW quite fast.

Disable Suricata and it can handle DDoS quite well or disable logging written to the FW log.