Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Setting up Synproxy State on OPNSense
« previous
next »
Print
Pages: [
1
]
Author
Topic: Setting up Synproxy State on OPNSense (Read 1019 times)
tmanok
Newbie
Posts: 14
Karma: 0
Setting up Synproxy State on OPNSense
«
on:
February 11, 2022, 07:10:45 am »
Hi Everyone,
Synproxy is new to me and I want to better understand it's configuration. Recently, I've read about how FreeBSD is (or perhaps was) vulnerable to certain types of low-bandwidth DoS attacks. The best available recommendations I could find included synproxy as a solution. After reading the documentation, Synproxy is a state tracking method that can be used on OPNSense, though I would like to hear a more detailed explanation and be sure that it is appropriate to implement.
On a WAN interface, I have HTTPS (port 443) open to the internet as there is incoming traffic to a specific web server.
Would the appropriate configuration for Synproxy be to edit a firewall pass rule for that port, click the advanced section, and simply change the state tracking to synproxy? This sounds too simple, or like there will be caveats. What services (ports) cannot have synproxy tracking enabled? What are the caveats of synproxy?
Thanks everyone,
Tmanok
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Setting up Synproxy State on OPNSense
«
Reply #1 on:
February 11, 2022, 08:06:22 am »
I think this was added recently is not yet in stable release (the pf side)
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Setting up Synproxy State on OPNSense