Project

General

Profile

Feature #6470

CloudFlare Integration Module

Added by Xander Venterus about 4 years ago. Updated 12 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
New Package Request
Target version:
-
Start date:
06/08/2016
Due date:
% Done:

0%

Estimated time:

Description

I would be interested in assisting with the development of a super simple cloudflare integration module.

It would be very usefull for those who use pfsense in the cloud and in datacenter networks to nearly instantly mitigate DoS and DDoS attacks.

Cloudflare has an API that can be cURL'd to enable and disable "Im under attack" mode.

My thought was just make us able to simply set a state table threshhold, perhaps even filterable by destination internal ip, so if states exceed a certain threshhold, the system would cURL the api with the settings provided causing attack mode to engage, which then limits and aggressively filters incoming connections more thouroughly.

Turning on attack mode is capable of blocking UDP Floods, TCP Floods, Layer 7 pingback floods, Syn Floods, and many other types as well. So the firewall could simply fire of a curl to enable attack mode, and then, if the states fall to below 75% of the attack threshhold, it could cURL to turn attack mode back off.

This is simply to automate the process and would be extremely usefull, i already have developed a PHP implementation on my webserver that does something simular.

The api can also be used to add blocked ips to cloudflares block list, could be nice if pfsense was able to integrate with that too....

I have a Pro level account with multiple domains, and several pfsense units in place, i volunteer my assistance to help with this.

History

#1 Updated by Jim Pingle 12 months ago

  • Project changed from pfSense to pfSense Packages
  • Category set to New Package Request

Also available in: Atom PDF