Firewall Maximum Intrusion Event Rate Alert

Please add a feature that allows users to:

  • set a maximum number of firewall intrusion events per minute
  • be alerted when the maximum number of firewall intrusion events per minute is exceeded

Additional configuration option: Add checkbox allowing users to select “Stop all traffic” if the maximum number of firewall intrusion events per minute is exceeded.

When choosing “Yes w/ modification”, please reply to this message and add your suggested modification(s).

no.
I don’t want to be notified of intrusion attempt. As long as the firewall is doing its job great. The logs show if any attempt was made.
I also don’t want my network shut down if a predetermined number of attempts were made while I was online searching or doing whatever (torrents for example).
Also people using torrent downloaders always see thousands of such attempts so again. Bad idea.

First, users do not have to activate the feature.

Second, software firewalls are not 100% effective at blocking or recording all unwanted events which means you may not know if “…the firewall is doing its job great.” A user activating this option at least gets an opportunity to know when there are many attempts occurring at a high rate.

Third, it’s inconvenient to switch to the Summary Page or the Log to monitor the number and rate of intrusions. I’ve done so on several occasions. In one case I noted a bit over 200 attempted intrusions from multiple IPs in just under one minute. It was easy for me to disconnect my broadband connection for a minute. When I reconnected, DHCP grabbed another IP address for my machine and the high rate intrusions stopped.

Since software firewalls are not 100% effective at blocking and recording high-rate intrusion attempts, I’m looking for a more proactive way to monitor such conditions.