Setting up Synproxy State on OPNSense

Started by tmanok, February 11, 2022, 07:10:45 AM

Hi Everyone,

Synproxy is new to me and I want to better understand its configuration. Recently, I've read about how FreeBSD is (or perhaps was) vulnerable to certain types of low-bandwidth DoS attacks. The best available recommendations I could find included synproxy as a solution. After reading the documentation, Synproxy is a state tracking method that can be used on OPNSense, though I would like to hear a more detailed explanation and be sure that it is appropriate to implement.

On a WAN interface, I have HTTPS (port 443) open to the internet as there is incoming traffic to a specific web server.

Would the appropriate configuration for Synproxy be to edit a firewall pass rule for that port, click the advanced section, and simply change the state tracking to synproxy? This sounds too simple, or like there will be caveats. What services (ports) cannot have synproxy tracking enabled? What are the caveats of synproxy?

Thanks everyone,


Tmanok

I think this was added recently and is not yet in the stable release (the pf side).