23.1 Legacy Series / Is there a reason max-src limits are linked to virusprot by default and always?
« on: March 24, 2023, 09:18:40 pm »
Cross-posted from https://forum.opnsense.org/index.php?topic=17921.0 (because it is now archived, and I wanted to add some comments to his post, it is still very relevant)
Limiting TCP connections is one of the best defenses against Steam Downloader / Xbox Games Downloads, and other downloaders that despite having limiters in place still cause your network to slow down or come to a crawl. The reason for this is these downloaders are often VERY Aggressive! They will flood your router with connections, and while sometimes you can tell everyone on your network to make sure to set a download limit in Steam, that is not always possible.
Using TCP rate limiters is a great way to throttle these downloaders in addition to having Limiter Traffic shapers. Basically, if somebody is trying to slam the router with TCP connections, I want them to start dropping those connections left and right, but I do not want to outright stop all traffic.
It is true that such a tactic may cause several websites to stop functioning for the offending host if I am dropping traffic left and right, but if I do not outright stop all traffic then they will quickly learn that the cause is their massive downloading.
On the other hand, stopping all traffic is not really an option; all that does is get me messages that they are unable to use the internet....
Original Post:
https://forum.opnsense.org/index.php?topic=17921.0