Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Integrations/OPNsense
Native NetFlow (no plugins) NetFlow v5 / v9 3 min setup

DDoS Detection for OPNsense

OPNsense has built-in NetFlow export. Enable it, point it at Flowtriq's agent, and get real-time DDoS detection, attack classification, and automated mitigation with zero plugins.

Generate your config → Start free trial

How It Works

OPNsense
Built-in NetFlow exporter
NetFlow Export
UDP v5/v9 flows
ftagent
Linux host (any server)
Flowtriq Dashboard
Detection + alerts + mitigation

No plugins required. OPNsense ships with NetFlow export built into the base system. Navigate to Reporting > NetFlow, enable capture, add your ftagent host as a target, and flows start arriving immediately. OPNsense can also export to multiple targets at once, so you can send flows to ftagent and any other collector simultaneously.

Setup

Three steps to DDoS protection

1

Install ftagent

Install ftagent on any Linux server on your network. A VM, container, or bare-metal box all work. One command to install:

curl -sL https://get.flowtriq.com | sudo bash

2

Enable OPNsense NetFlow

Go to Reporting > NetFlow, enable local capture, select your WAN interface, and add your ftagent host IP:port as a capture target. Click Save, then Apply.

3

See attacks in your dashboard

Within minutes, traffic data appears in Flowtriq. Baselines build automatically. Attacks are detected, classified, and trigger your configured alert channels and mitigation policies.

Use the config generator for step-by-step commands →

Capabilities

What you get with this integration

Real-Time Attack Detection

Flowtriq analyzes NetFlow data from OPNsense to detect volumetric DDoS attacks in real time. Dynamic baselines learn your normal traffic patterns and alert on anomalies.

Attack Classification

Every detected attack is classified into one of 7+ families: SYN floods, UDP amplification, DNS reflection, NTP monlist, ICMP floods, GRE floods, and fragmentation attacks. Each with protocol-level confidence scores.

Automated Mitigation

Configure 4-level auto-escalation: start with local firewall rules, escalate to BGP FlowSpec, then RTBH blackholes, then cloud scrubbing. All triggered automatically based on attack severity.

Multi-Channel Alerting

Get notified instantly via Discord, Slack, PagerDuty, OpsGenie, email, SMS, or webhooks. Alert messages include attack type, target IP, traffic volume, and recommended actions.

Multi-Target Export

OPNsense can send flows to Flowtriq and any other NetFlow collector simultaneously. No need to choose between DDoS detection and your existing traffic analytics stack.

Traffic Analytics

Visualize traffic patterns with per-protocol breakdown, top talkers, bandwidth utilization, and PPS charts. All built from the NetFlow data OPNsense exports natively.

Comparison

OPNsense vs pfSense for Flowtriq integration

Feature OPNsense pfSense
NetFlow support Built-in (native) Via softflowd package
Plugin required None softflowd
Multi-target export Yes, built-in Single target per instance
NetFlow v5
NetFlow v9
Setup time ~3 minutes ~5 minutes
Flowtriq detection quality Identical Identical

Expectations

NetFlow integration vs direct agent install

The OPNsense integration gives you full DDoS detection with some tradeoffs compared to installing ftagent directly on a server.

What you get

  • Real-time volumetric DDoS detection
  • Full attack classification (7+ families)
  • Automated mitigation via BGP FlowSpec, RTBH, and cloud scrubbing
  • Multi-channel alerting (Discord, Slack, PagerDuty, and more)
  • Traffic analytics and incident history
  • Network-wide visibility from your gateway
  • Multi-target flow export (unique to OPNsense)

What you trade off

  • No PCAP packet captures for forensic analysis
  • 15-60 seconds additional detection latency
  • No per-packet payload inspection
  • No on-host firewall rule deployment on OPNsense itself

For sub-second detection and PCAP evidence, install ftagent directly on your critical servers in addition to the OPNsense integration.

Protect your OPNsense network today

Real-time DDoS detection and automated mitigation starting at $9.99/node/month. Free 14-day trial with no credit card required.

Start your free trial → Generate setup config → Talk to us →
Built by the team behind CVE-2024-45163 | Trusted by ISPs and hosting providers worldwide

FAQ

Frequently Asked Questions

Does OPNsense need any plugins for this integration?

No. OPNsense has a built-in NetFlow exporter under Reporting > NetFlow. Just enable it, add your ftagent host as a capture target, and you are done. No packages, plugins, or third-party software needed on the OPNsense side.

Can OPNsense send flows to Flowtriq and another collector at the same time?

Yes. OPNsense supports multiple capture targets. You can export flows to ftagent for DDoS detection and to ntopng, Elasticsearch, or any other NetFlow collector simultaneously. Each target receives identical flow data.

What attacks does Flowtriq detect from OPNsense NetFlow?

All volumetric DDoS attack families: SYN floods, UDP amplification (DNS, NTP, memcached, CLDAP, SSDP), ICMP floods, GRE floods, fragmentation attacks, and protocol anomalies. Classification uses flow metadata including protocol, ports, packet sizes, and traffic volume.

Can Flowtriq install directly on OPNsense?

No. OPNsense runs on HardenedBSD (a FreeBSD fork), and ftagent requires Linux. Install ftagent on any Linux machine on your network. A VM, container, or any existing server works. ftagent is lightweight: 1 CPU core, 512 MB RAM.

What detection latency should I expect?

NetFlow export adds 15 to 60 seconds of latency depending on OPNsense's configured active/inactive timeouts. You can tune these under Reporting > NetFlow. Lower timeouts reduce latency but increase export traffic. For sub-second detection, install ftagent directly on the protected server.

Is OPNsense better than pfSense for this integration?

OPNsense has native NetFlow support with no package installation required, which makes setup slightly simpler. pfSense requires the softflowd package. Functionally, both produce equivalent NetFlow data and work identically with ftagent.