Date: Sat, 12 Jan 2019 09:06:07 -0800 From: Grouchy Sysadmin <sysadmin@grouchysysadmin.com> To: freebsd-questions@freebsd.org Subject: Re: OPNsense Message-ID: <78f20bd6-9561-da01-e9bb-52c85be98f0a@grouchysysadmin.com> In-Reply-To: <647ac45684fa13349cb3e3d833e0c405.squirrel@webmail.harte-lyne.ca> References: <647ac45684fa13349cb3e3d833e0c405.squirrel@webmail.harte-lyne.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/11/19 1:21 PM, James B. Byrne via freebsd-questions wrote: > The weekend I am experimenting with an OPNsense firewall/router at one > of our sites. I have been having mixed success with testing so far > and decided to take the whole network down while the user traffic is > negligible. Since it is only a matter of a few plugs if things go > terribly wrong then I will just cut the test machine out and restore > the normal cabling configuration. > > However, I have a few reservations about the OPNsense appliance even > before I test it. Specifically the apparent lack of any way to > black-hole repetitive logon attempts to various exposed services. > > Does anyone here employ OPNsense as their corporate firewall? What > are the best and worst features of the product? Are there ways to > configure OPNsense to block repetitive initiations of new connections? I used it for around six months and it worked fine. The firewall rules should allow you to block by IP, or write a custom rule for Suricata with the built in IPS.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?78f20bd6-9561-da01-e9bb-52c85be98f0a>