24 Mar
2026
10:17 a.m.
Hello everyone,

I am running a few Tor relays on FreeBSD to help diversify the network and use pf as the firewall on my servers to block unwanted traffic. To reduce the impact of possible future DoS attacks, I want to make use of max-src-conn and max-src-conn-rate to limit a single IP address from creating unlimited TCP states, as well as limit how fast new TCP sessions can be created. Due to some other relays running up to eight instances per IP address, I don't want to set the limit too low, so legitimate connections aren't accidentally dropped.

So my question to other relay operators using FreeBSD and pf: what values do you use, and are there other settings I can use to fine-tune the pf firewall on my Tor relays?

Regards,
ZR
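For reference, this is where the two options named in the post sit in a pf.conf rule. It is an added example, not configuration from the poster or from any relay operator. The interface name, the ORPort, the table name and every number are assumptions and placeholders, not recommended values.

```conf
# Added illustration. All names and numbers below are placeholders.
ext_if  = "vtnet0"   # assumed interface name
or_port = "9001"     # assumed ORPort of the local relay

# Sources that exceed a limit are added to this table.
table <tor_overload> persist

# Drop offenders before the pass rule is evaluated.
block in quick on $ext_if from <tor_overload>

# max-src-conn       caps simultaneous established TCP connections per source IP
# max-src-conn-rate  caps new connections per source IP as count/seconds
# overload <table>   adds a source that crosses either limit to the table
# flush global       also kills the states that source already holds
#
# Sizing note tied to the post: one source address may host up to eight
# relay instances, so the per-source cap has to allow for eight legitimate
# peers behind one IP, not one.
pass in on $ext_if inet proto tcp to ($ext_if) port $or_port \
    flags S/SA keep state \
    (max-src-conn 64, max-src-conn-rate 32/10, \
     overload <tor_overload> flush global)

# Entries stay in the table until removed; for example, from cron:
#   pfctl -t tor_overload -T expire 3600
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t tor_overload -T show` lists the addresses currently in the table, which shows whether a chosen limit is catching other relays.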