pfSense – DDoS

Last Updated: April 12th, 2018 / Published On: February 19th, 2015

PfBlocker

  • See 192.168.30.1 (intranet) as an example
  1. Click System>Packages
  2. Install PfBlocker
  3. Click Firewall>PfBlocker>General
    • Enable with Defaults
  4. Click Firewall>PfBlocker>Lists
  5. Click Firewall>PfBlocker>Top Spammers
    • Select appropriate lists

Code Way to do it

This should work for all versions of pfSense:

  • Under Diagnostics -> Edit File, browse to /etc, open ntpd.conf, and at the end add:
    • restrict -4 default kod notrap nomodify nopeer noquery
    • restrict -6 default kod notrap nomodify nopeer noquery
    • restrict 127.0.0.1
    • restrict ::1
  • Save the file, then go back to Diagnostics -> Command Prompt and execute two commands:
    • killall ntpd
    • service ntpd onestart
  • You can test for vulnerable installs from the terminal of any BSD/Linux/Mac machine with: ntpdc -n -c monlist <ip address>
  • You can use pfSense to test other installs by using that command in the Diagnostics Command Prompt :)
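
As an added example (not part of the original page), this POSIX shell function audits an ntpd configuration file for the default restrict lines listed above and reports any flag that is missing for IPv4 or IPv6. The function name audit_ntp_restrict is hypothetical, and the choice to fail only when noquery (the flag that refuses ntpdc/ntpq queries such as monlist) is absent is an assumption of this example.

```shell
#!/bin/sh
# Added example: check that the IPv4 and IPv6 "restrict default" lines in an
# ntpd config carry the flags from the steps above.
# Usage: audit_ntp_restrict /etc/ntpd.conf   (path as given on this page)
# Returns 0 when both families have a default line with noquery, else 1.
# Simplification (assumption): if a family has several default lines,
# only the last one is checked.
audit_ntp_restrict() {
    awk '
    BEGIN { n = split("kod notrap nomodify nopeer noquery", flags, " ") }
    { sub(/#.*/, "") }                       # strip comments
    $1 != "restrict" { next }
    {
        fam = "both"; i = 2
        if ($i == "-4" || $i == "-6") { fam = $i; i++ }
        if ($i != "default") next            # host/net exceptions (127.0.0.1, ::1)
        set = " "
        for (j = i + 1; j <= NF; j++) set = set $j " "
        # "restrict default" without -4/-6 is applied to both families
        if (fam != "-6") v4 = set
        if (fam != "-4") v6 = set
    }
    function report(name, set,    k, bad) {
        if (set == "") { print name ": no default restrict line"; return 1 }
        bad = 0
        for (k = 1; k <= n; k++)
            if (index(set, " " flags[k] " ") == 0) {
                print name ": missing " flags[k]
                if (flags[k] == "noquery") bad = 1   # monlist stays answerable
            }
        return bad
    }
    END {
        r4 = report("IPv4", v4)
        r6 = report("IPv6", v6)
        if (!r4 && !r6) print "default restrict lines include noquery"
        exit (r4 || r6)
    }' "$1"
}
```
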
