Netgate Discussion Forum

    NEED setup Firewall

    • G
      GameVPN
      last edited by

      Hello, I have an OVH game VPS.
      I run a VPN,
      and there is a SYN attack that affects my VPN connection.

      Is there anyone who can help me?

      • GertjanG
        Gertjan
        last edited by

        Hi,

        SYN attacks can't be stopped from your VPS: you can't do anything when DDoSed.

        Check with OVH support.
        See also the OVH forums, the subject is known for decades now.

        Check this: https://www.soyoustart.com/en/ and ask yourself: why are there special "Game" servers? Not because they have a special graphics card: they have none. Even the processors and memory aren't really special.
        But something is: https://www.soyoustart.com/en/faq.xml

        I guess a basic VPS is too 'ordinary' to host game services. Worse: when a VPS is DDoSed, the entire host system will suffer: all the other VPSes on the same system.

        Btw: I'm just mentioning the SYS servers as an example, it's up to you to choose the right server for your needs. Your first choice should be: how is DDoS handled?! All the other aspects like price, size, performance etc. are less important.

        Another easy, cheap solution exists : do not communicate the IP of your game server to anybody. Never. Do not invite friends - that will become your enemies - to your server. Never.
        Apply these rules and you will never need to know what DOS is ....

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • G
          GameVPN
          last edited by

          Yes, true.
          I have tried many times, in many different ways, to stop it,
          but nothing has worked until now.

          Also, I run a VPN, not a game,
          and there are some people who stop this attack, like this IP:
          188.165.6.127
          No one takes it down with a SYN attack.

          • GertjanG
            Gertjan @GameVPN
            last edited by

            @GameVPN said in NEED setup Firewall:

            188.165.6.127

            Contact OVH tech support. Open a ticket with them and explain what's up.

            • sahanS
              sahan @Gertjan
              last edited by

              @Gertjan Are you using Snort (IDS/IPS)?

              • GertjanG
                Gertjan @sahan
                last edited by Gertjan

                @sahan said in NEED setup Firewall:

                @Gertjan Are you using Snort (IDS/IPS)?

                No - I do not need these.
                I only have trusted devices on my LAN ... and trust the people that use these devices.
                All other devices and people : behind a captive portal.

                Also: I don't know how to sneak/peek into SSL traffic anyway, without completely breaking everything, or breaking my head.

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  If the problem is that your application, be it a game or VPN server, cannot handle the SYN traffic, but your pipe is not anywhere close to being saturated, then a firewall can help, by filtering out the traffic before it gets to your application. As long as the firewall can handle the amount of traffic being generated.

                  What you cannot stop with a firewall is when the pipe to the firewall is full. The only way to handle such an attack is getting a bigger pipe, and a firewall and application that can handle the extra traffic. Or get with whoever provides the connection so that the unwanted traffic can be stopped/diverted upstream so your pipe does not become saturated.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  • G
                    GameVPN @johnpoz
                    last edited by

                    @johnpoz But how do I make it filter before it gets to my server? Is there a way?

                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by johnpoz

                      You would have to block the source IP.. Or you would have to use IPS to block the traffic on some other signature..

                      Which, if it's a DDoS, makes it pretty hard to determine what is good traffic and what is bad traffic based only on IP. pfBlocker could be of help here if all the bad traffic is coming from country X, but hope you don't have any actual clients you want to allow in country X, etc.

                      Again this can only help if your pipe is not full.. if your pipe is full not going to help..

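Added example, not part of any post in this thread: the filtering johnpoz describes, written in the same pf rule syntax as the rules quoted at the end of the thread. The interface name, the TCP port and every threshold are assumptions chosen for illustration, and the table name `syn_abusers` is made up for this sketch.

```pf
# --- Assumed values, adjust to the real setup ---
ext_if   = "vtnet0"     # assumption: WAN-facing interface
vpn_port = "1194"       # assumption: the VPN listens on TCP 1194

# Sources that exceed the per-host limits below are added here.
table <syn_abusers> persist

# Drop anything from a source already flagged, before other rules run.
block drop in quick on $ext_if from <syn_abusers>

# "synproxy state": pf answers the SYN itself and only opens a
# connection to the VPN service after the client has completed the
# three-way handshake. SYNs with spoofed source addresses never
# complete it, so they never reach the application.
#
# max-src-conn / max-src-conn-rate count only connections that HAVE
# completed the handshake, so they catch real hosts that open too
# many connections, not spoofed SYNs (synproxy covers those).
#
# overload + flush global: put the offending source in the table and
# kill all of its existing states.
pass in quick on $ext_if inet proto tcp \
    from any to ($ext_if) port $vpn_port \
    flags S/SA synproxy state \
    (max-src-conn 30, max-src-conn-rate 15/5, \
     overload <syn_abusers> flush global)
```

This only helps in the first case johnpoz describes, where the application is overwhelmed but the pipe is not full; the firewall itself still has to process every SYN that arrives.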
                      • G
                        GameVPN @johnpoz
                        last edited by

                        @johnpoz I will message you on private chat.

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Where exactly are you seeing that - like some of the first rules in the firewall

                          block drop quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
                          block drop quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
                          block drop quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
                          block drop quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
                          block drop quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
                          block drop quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
                          block drop quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
                          block drop quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
                          

                          They are just not shown in the gui..

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.