Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Tools/pfSense Setup

Integration Tool

pfSense DDoS Protection Setup

Generate the complete configuration to connect pfSense NetFlow export to Flowtriq's ftagent for real-time DDoS detection, attack classification, and automated mitigation.

Your Environment

The public IP on your pfSense WAN interface
The Linux server where ftagent is installed
v9 provides richer metadata; v5 for legacy compatibility
UDP port ftagent listens on (default: 2055)
Usually em0, igb0, or ix0 depending on hardware
pfsense-flowtriq-setup
Enter your pfSense and ftagent details, then click Generate Setup Guide to get your complete configuration.
How This Works: pfSense exports NetFlow data from your WAN interface via softflowd. Flowtriq's ftagent receives these flows on any Linux host, analyzes traffic patterns in real time, and detects DDoS attacks with full classification (SYN flood, UDP amplification, DNS reflection, and more). When an attack is detected, ftagent can auto-deploy firewall rules, trigger BGP FlowSpec announcements, or escalate to cloud scrubbing.

pfSense + Flowtriq Architecture

pfSense (Your Firewall)

pfSense inspects every packet crossing your WAN interface. With softflowd installed, it generates NetFlow records summarizing each connection: source IP, destination IP, ports, protocol, byte counts, and timestamps. These records are exported via UDP to your ftagent host.

ftagent (Linux Host)

ftagent's built-in flow collector receives NetFlow exports and builds a real-time traffic profile. It detects volumetric anomalies, classifies attack types across 7+ families, and triggers automated mitigation. No additional flow collectors or databases required.

Flowtriq Dashboard

All detection events, attack classifications, traffic analytics, and incident history are available in the Flowtriq web dashboard. Configure alert channels (Discord, Slack, PagerDuty, email) and mitigation policies from a single pane of glass.

Detection Speed

NetFlow-based detection typically adds 15 to 60 seconds of latency depending on softflowd's export interval. This is fast enough for most volumetric DDoS attacks. For sub-second detection on critical servers, install ftagent directly on the host alongside local packet capture.

What You Get

Real-Time Detection

Automatic detection of volumetric DDoS attacks based on traffic anomalies. Dynamic baselines adapt to your normal traffic patterns over time.

Attack Classification

Identifies SYN floods, UDP amplification, DNS reflection, NTP monlist, ICMP floods, GRE floods, and fragmentation attacks with protocol-level detail.

Instant Alerts

Get notified the moment an attack starts via Discord, Slack, PagerDuty, OpsGenie, email, SMS, or webhooks. Include attack details and recommended actions.

Automated Mitigation

Auto-deploy iptables rules, BGP FlowSpec announcements, RTBH blackholes, or cloud scrubbing policies when attacks exceed your configured thresholds.

NetFlow vs Local Capture: What You Trade Off

No PCAP Evidence

NetFlow provides flow summaries, not raw packets. You will not get packet captures or payload analysis. If you need PCAP forensics for incident response, install ftagent directly on the server being protected.

Higher Detection Latency

Expect 15 to 60 seconds of added latency compared to local capture. Softflowd aggregates flows before exporting them. You can reduce the export interval in softflowd settings, but shorter intervals increase CPU usage on pfSense.

Protect your pfSense network with Flowtriq

Real-time DDoS detection and automated mitigation starting at $9.99/node/month. Free 14-day trial, no credit card required.

Start your free trial → Read the full integration guide →
Export your results

FAQ

Frequently Asked Questions

Can Flowtriq run directly on pfSense?

No. pfSense runs on FreeBSD, and ftagent requires Linux. Install ftagent on any Linux box on your network (a VM, container, or bare-metal server) and point pfSense's NetFlow export to it. The agent handles all detection, classification, and alerting from there.

What NetFlow version should I use with pfSense?

NetFlow v9 is recommended for best compatibility and richer flow metadata. NetFlow v5 works too but carries fewer fields. Both versions are fully supported by ftagent's built-in flow collector.

Does this work with pfSense CE and pfSense Plus?

Yes. Both pfSense Community Edition and pfSense Plus support the softflowd package for NetFlow export. The setup steps are identical for both versions.

How fast is detection with NetFlow vs local capture?

NetFlow export adds 15 to 60 seconds of detection latency depending on your configured export interval. For most volumetric DDoS attacks, this is still fast enough to trigger automated mitigation. For sub-second detection, install ftagent directly on the target server and use local packet capture.