DDOS protection

penley · October 07, 2016, 03:57:47 PM

Does OPNsense by default have dos and ddos prevention or is this something that needs to be configured?
We're not experiencing any issues at the moment, I'm just asking for clarification.

Kind regards,
penley

fabian · October 07, 2016, 07:16:39 PM

As far as I know no appliance can do that for you because the problem of a DDoS usually is the limited bandwidth of your WAN connection.
OPNsense can use the synproxy state to protect against SYN floods, which can be enabled in the rules (advanced option).

franco · October 10, 2016, 11:34:17 PM

Hi penley,

If the firewall machine is powerful enough to protect your internal assets the synproxy is good enough. So if you did not have one before that might work. If the traffic is too high, you need other kinds of mitigation, but it also depends on the type of attack.

Cheers,
Franco

DDOS protection

penley

October 07, 2016, 03:57:47 PM

fabian

October 07, 2016, 07:16:39 PM #1

franco

October 10, 2016, 11:34:17 PM #2