Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Tools/OPNsense Setup

Integration Tool

OPNsense DDoS Protection Setup

Generate the complete configuration to connect OPNsense's native NetFlow exporter to Flowtriq's ftagent for real-time DDoS detection, classification, and automated mitigation. No plugins needed

Your Environment

The public IP on your OPNsense WAN interface
The Linux server where ftagent is installed
v9 provides richer metadata; v5 for legacy compatibility
UDP port ftagent listens on (default: 2055)
As shown in OPNsense interface assignments
opnsense-flowtriq-setup
Enter your OPNsense and ftagent details, then click Generate Setup Guide to get your complete configuration.
Native NetFlow Support: OPNsense includes a built-in NetFlow exporter under Reporting > NetFlow. No packages or plugins are required. You can export to multiple targets simultaneously, which means you can send flows to ftagent and any other collector at the same time without additional configuration.

OPNsense + Flowtriq Architecture

OPNsense (Your Firewall)

OPNsense's built-in netflow daemon monitors packets crossing your selected interfaces and generates NetFlow v5 or v9 records. These records summarize each connection with source/destination IPs, ports, protocol, byte counts, and timing data. The exporter sends records via UDP to one or more capture targets.

ftagent (Linux Host)

ftagent's built-in flow collector receives NetFlow exports and builds a real-time traffic profile. It detects volumetric anomalies, classifies attack types across 7+ families, and triggers automated mitigation. No additional flow collectors or databases required.

Flowtriq Dashboard

All detection events, attack classifications, traffic analytics, and incident history are available in the Flowtriq web dashboard. Configure alert channels (Discord, Slack, PagerDuty, email) and mitigation policies from a single pane of glass.

Multi-Target Export

OPNsense can export flows to multiple destinations at once. Send to ftagent for DDoS detection and simultaneously to ntopng, Elasticsearch, or any other NetFlow collector. Each target receives the same flow data independently.

What You Get

Real-Time Detection

Automatic detection of volumetric DDoS attacks based on traffic anomalies. Dynamic baselines adapt to your normal traffic patterns over time.

Attack Classification

Identifies SYN floods, UDP amplification, DNS reflection, NTP monlist, ICMP floods, GRE floods, and fragmentation attacks with protocol-level detail.

Instant Alerts

Get notified the moment an attack starts via Discord, Slack, PagerDuty, OpsGenie, email, SMS, or webhooks. Include attack details and recommended actions.

Automated Mitigation

Auto-deploy iptables rules, BGP FlowSpec announcements, RTBH blackholes, or cloud scrubbing policies when attacks exceed your configured thresholds.

NetFlow vs Local Capture: What You Trade Off

No PCAP Evidence

NetFlow provides flow summaries, not raw packets. You will not get packet captures or payload analysis. If you need PCAP forensics for incident response, install ftagent directly on the server being protected.

Higher Detection Latency

Expect 15 to 60 seconds of added latency compared to local capture. The NetFlow exporter aggregates flows before sending. You can tune the active and inactive timeouts in OPNsense's NetFlow settings to reduce this.

Protect your OPNsense network with Flowtriq

Real-time DDoS detection and automated mitigation starting at $9.99/node/month. Free 14-day trial, no credit card required.

Start your free trial → Read the full integration guide →
Export your results

FAQ

Frequently Asked Questions

Does OPNsense need a plugin for NetFlow export?

No. OPNsense has built-in NetFlow support. Navigate to Reporting > NetFlow to enable it. No additional packages or plugins are needed, unlike pfSense which requires the softflowd package.

Can OPNsense export NetFlow to multiple targets?

Yes. OPNsense supports exporting to multiple destinations simultaneously. You can send flows to ftagent and another collector (like ntopng or Elasticsearch) at the same time by adding multiple capture targets.

What is the detection latency with OPNsense NetFlow?

NetFlow export adds 15 to 60 seconds of detection latency depending on the configured active and inactive timeout values. For most volumetric DDoS attacks, this provides sufficient time to trigger automated mitigation. For sub-second detection, install ftagent directly on the target server.

Can Flowtriq run directly on OPNsense?

No. OPNsense runs on FreeBSD (HardenedBSD), and ftagent requires Linux. Install ftagent on any Linux server on your network and configure OPNsense to export NetFlow to it. A small VM or container works well for this.

Which OPNsense version supports NetFlow?

NetFlow export has been available in OPNsense since version 18.1. All current releases (24.x and later) fully support it. The configuration interface is under Reporting > NetFlow.