    CS:GO DOS FIREWALL

      xkaas last edited by

      Hi!

      I run a CS:GO server with pfSense in front of it.

      I am having issues with DDoS. Our provider does provide Anti-DDoS for most attacks, but some called "VSE" go through.

      My table size looks like this:

      https://prnt.sc/hph3xs

      https://prnt.sc/hpgvk7

      https://prnt.sc/hpgv39

      The attacks still get through… Is there anything I can do to block them? They keep hogging the CPU and table size.

        GruensFroeschli last edited by

        pfSense is a firewall not a (D)DoS protection service.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          xkaas last edited by

          I know.

          But not a very good one then. I don't want it to filter DDoS.
          I was digging for something like "packet length" or packet size filtering, as most of these attacks hit the same limits.

          I've blocked all ports - but it still hits… That's why (and many apparently blame pfSense).

            dotdash last edited by

            If the attacks get through the provider's 'DDoS filtering' then they are on your pipe. The firewall blocks traffic from passing through the firewall. It still hits the outside interface and you still have to deal with it. If you think pfSense is a lousy firewall because it doesn't block DDoS, then you are unclear on the concepts, but feel free to try another firewall and see how well it works for you.

              KOM last edited by

              If you could mitigate a DDoS with a firewall then it would not be the problem that it is.

              Analogy:  your doorman (firewall) won't let bad people into your house, but he can't stop them from knocking on your door to begin with.  You would need the city's (your ISP) help to keep them off your street.

                chpalmer last edited by

                Our provider does provide Anti-DDOS for most attacks

                So your provider cannot stop the attacks.  They are still not to blame..  Just inefficient.

                Truthfully the fault lies with those leveraging the attacks.

                Triggering snowflakes one by one..

                  xkaas last edited by

                  So,

                  To let you guys know, NO, I don't expect pfSense to "filter" DDoS attacks for me.

                  However, my ISP uses Arbor Networks, and most attacks get filtered without any issues.

                  The kind of attack hitting me is VSE (Valve Source Exploit).

                  These attacks use spoofed IPs; pretty much, they hit the internal IP on port 27015 (a CS:GO server).

                  If I block the port, I can see how it denies the traffic (please note that from now on, the internet is working fine and nothing is touched by the attack)

                  However, when I unblock the port, it doesn't work.

                  I was looking for maybe trying to block everything outside of my source country (Where all connections are made, no other people are getting in from other countries)
                  Or some packet length block / string block, as 99% of all of the "connections" made have the same length.

                  I know there's no real "filtering" for this other than on ISP level, however, I hope there's some fix to this for now, as my ISP won't be able to make the rule from their side without a quite large payment (greedy guys).

                  Thanks everyone who helps.

                  Here's a little gif of what I see when I refresh the firewall rule page of the block rule :)

                  https://gyazo.com/dbe1f270006011f786fcb7da4e45f964

                  (refreshing)

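The observation in the post above, that almost all of the flood packets share one length, can be measured before anyone writes a length-based rule for it. This is an added example, not code from any poster in this thread: it profiles UDP payload lengths to port 27015 from `tcpdump -nn` text output, and the sample lines, addresses and lengths in it are constructed.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -nn` text format (made-up addresses/lengths).
SAMPLE = """\
12:00:00.000101 IP 198.51.100.7.40211 > 192.0.2.10.27015: UDP, length 25
12:00:00.000154 IP 203.0.113.90.1533 > 192.0.2.10.27015: UDP, length 25
12:00:00.000201 IP 198.51.100.7.40212 > 192.0.2.10.27015: UDP, length 25
12:00:00.000260 IP 203.0.113.14.52001 > 192.0.2.10.27015: UDP, length 25
12:00:00.000311 IP 198.51.100.33.27005 > 192.0.2.10.27015: UDP, length 48
12:00:00.000350 IP 198.51.100.33.5353 > 192.0.2.10.53: UDP, length 40
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)"
)

def length_profile(text, port=27015):
    """Summarise UDP payload lengths seen towards `port`.

    Returns None when no matching packet is found. A high dominant_share
    with many distinct sources fits a spoofed, fixed-size flood; the
    other_lengths list shows what a length-based rule would leave alone.
    """
    lengths = Counter()
    sources = {}  # payload length -> set of source addresses
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != port:
            continue  # not UDP/IPv4 in the expected format, or another port
        n = int(m["len"])
        lengths[n] += 1
        sources.setdefault(n, set()).add(m["src"])
    total = sum(lengths.values())
    if total == 0:
        return None
    top_len, top_count = lengths.most_common(1)[0]
    return {
        "total": total,
        "dominant_length": top_len,
        "dominant_share": top_count / total,
        "dominant_sources": len(sources[top_len]),
        "other_lengths": sorted(l for l in lengths if l != top_len),
    }

if __name__ == "__main__":
    print(length_profile(SAMPLE))
```

Running the same profile on a capture taken during normal play shows whether legitimate clients also send packets of the dominant length, which is what decides how much collateral a length filter would cause.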
                    dotdash last edited by

                    @xkaas:

                    I was looking for maybe trying to block everything outside of my source country (Where all connections are made, no other people are getting in from other countries)

                    pfBlockerNG can be used to block/allow by source country.

                      leungda last edited by

                      Install the Suricata package for IDS.
