[tor-relays] Impact on running a tor relay on other internet services?

Thoughts thoughts at kevinsthoughts.com
Wed Jul 27 20:12:13 UTC 2022


Hi all - I've been running a TOR non-exit relay for several months now.  
It's rare, but I'm seeing what I believe is the occasional connection 
attack, with my relay complaining about the number of connections and 
suggesting I reduce capacity.  Those are rare, and most of the time my 
server is running at about 20% CPU. During attacks, which seem unrelated 
to my Tor Upload/Download rate, CPU jumps to well over 100% (quad core, 
so 400% is max).

I'd normally just ignore this, but it seems to be impacting other 
aspects of my network experience:  Messenger Rooms will unexpectedly 
close, NetFlix gets "unable to stream this title", family complains 
about slow and dropped connections, etc.  Just had it happen a few 
minutes ago with a Messenger Room and sure enough, CPU is at 130%, even 
though I'm only pumping about 15MB/Sec (37.5MB/S limit, 56.2 burst, 40.3 
observed) over my gigabit ISP connection.  Speedtest shows the 
performing within acceptable parameters.

So contemplating what I can do, since this is bothersome.  I've come up 
with a few alternatives, and curious about your thoughts:

1) Do some type of connection limiting at my PFSense Plus firewall.  
Perhaps limiting things to, say, 30 connections per IP address?  Not 
even sure that is possible, but figure it might lighten the load on the 
TOR server.

2) Drop being a TOR non-exit relay and convert to a bridge.  Not sure 
how long, if ever, it would take for my IP address, which is now public, 
to fade off of block lists...  Not ideal, but at least as a bridge I'd 
still be servicing the environment.

3) Try connection limiting via iptables on the TOR host.  Just seems 
like doing that at the firewall would be better.

Thoughts?

Kevin
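Before choosing a per-IP cap for option 1 or 3, it helps to measure how many connections each peer actually holds to the ORPort during one of these spikes. The script below is an added example, not from the original post or the Tor project; it assumes a Linux relay host with iproute2's `ss` and a hypothetical ORPort of 9001.

```shell
#!/bin/sh
# Added example, not from the original post. Counts established TCP connections
# to the relay's ORPort per peer address so a per-IP limit (e.g. 30) can be
# sized against real traffic. Assumes (hypothetical) ORPort 9001 on a Linux host
# with iproute2's `ss`; override ORPORT/LIMIT via the environment.
ORPORT="${ORPORT:-9001}"
LIMIT="${LIMIT:-30}"

# per_ip_counts PORT: reads `ss -tn state established` output on stdin
# (columns: Recv-Q Send-Q Local:Port Peer:Port) and prints "count peer_ip",
# highest first, for peers connected to PORT. Handles IPv4 and [IPv6]:port.
per_ip_counts() {
    awk -v port="$1" '
        $1 == "Recv-Q" || $1 == "State" { next }     # header line
        {
            n = split($3, parts, ":")                 # local port is last piece
            if (parts[n] != port) next
            peer = $4
            sub(/:[0-9]+$/, "", peer)                 # drop peer port
            gsub(/\[|\]/, "", peer)                   # drop IPv6 brackets
            seen[peer]++
        }
        END { for (ip in seen) print seen[ip], ip }
    ' | sort -rn
}

# over_limit PORT LIMIT: peers holding more than LIMIT connections to PORT,
# i.e. the ones a connlimit-style rule at that threshold would start dropping.
over_limit() {
    per_ip_counts "$1" | awk -v lim="$2" '$1 > lim'
}

# Only touch the live socket table when asked, so the functions can be sourced.
if [ "${1:-}" = "--live" ]; then
    echo "Peers above $LIMIT connections to ORPort $ORPORT:"
    ss -tn state established | over_limit "$ORPORT" "$LIMIT"
fi
```

Run it as `./orport_peers.sh --live` during a spike; if only a handful of peers sit far above the rest, a per-IP cap will help, whereas many peers each holding a few connections points to a limit on total connections instead.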
