
(Linux) Firewall

30 replies

Poll: What do you think about it?

I agree: 62.50% (10)
I disagree: 25.00% (4)
Doesn't have an opinion: 12.50% (2)
16 votes cast

Re: (Linux) Firewall

DC (Admin)
@user Evaldas: I don't think that it is possible to only receive the header of a UDP packet. You will always receive the entire packet. A firewall on the server itself can't change this. It can only tell your system to discard the packet AFTER receiving it. The bandwidth is gone anyway.

Re: (Linux) Firewall

Evaldas (BANNED)

That's sad.
So the only way to protect yourself is to have bigger bandwidth (+Firewall). All other methods are worthless.
edited 1×, last 15.06.15 03:45:09 pm

Re: (Linux) Firewall

lennon (User)

The only way to protect your server is to do nothing, because if he wants to crash your server he will do it. Doesn't matter how big a rack you have or how good a firewall. Of course, that's if we're talking about cheap servers without any DDoS protection from the hoster. You can just put an autorestart script on your server. That's it. I noticed on my servers with the autorestart script that when they get DoSed, I've seen him leave my servers alone.

So I highly recommend that script, because if he attacks your server, he's done his job and comes to check; the server will restart and show him 'you can't beat me, you punk!'
After that he will be angry and will cry all night. And leave your servers, obviously.

Re: (Linux) Firewall

Evaldas (BANNED)

Auto restart = long DDoS attacks until your ISP blocks your access to the Internet, because these attacks eat too much bandwidth.
End of the game.
@user lennon: If you don't use a firewall your server will go down from a few bytes of flood.

Re: (Linux) Firewall

GeoB99 (Moderator)

I think I was not clear enough in what I said before regarding the auto restart script. Just because there would be one or a few attackers that felt pissed off after that doesn't mean all of them are. As I said before, the auto-restart script is used as a recovery and it won't protect you against such attacks in any way. Don't get me wrong, a script like auto-restart would be useful in some cases, but for attacks, you are deluded!

@user Evaldas: You're partially right, but not just that. The majority of people here host their servers on a VPS, and attacks like (D)DoS attacks could damage your VPS. Of course this depends on how strong the attack is.

Re: (Linux) Firewall

lennon (User)

Well, I have just the autorestart script and my servers have been online for more than half a year.

Re: (Linux) Firewall

Evaldas (BANNED)

I'm not trying to insult you, but maybe your server is always up because it's not popular and nobody wants to take it down.

Re: (Linux) Firewall

ead (User)

I liked the topic, so I came to leave an iptables rule to further assist in your server protection. I want to make it clear that configuration and protection from DDoS is very hard, and for a protection against DoS and DDoS you need to have greater bandwidth than theirs! To cover attacks from home.

These rules block DDoS attacks on UDP ports.

```bash
iptables -A INPUT -p udp --dport 7 -j DROP     # echo
iptables -A INPUT -p udp --dport 19 -j DROP    # chargen
iptables -A INPUT -p udp -f -j DROP            # drop UDP fragments
```

Remember, these rules alone do not help! Study iptables itself; this is my advice.

Re: (Linux) Firewall

Evaldas (BANNED)

For a simple CS2D user, these iptables rules should be good enough.

```bash
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state INVALID -j DROP
```
For Counter-Strike 2D (client):
```bash
# -P sets a chain policy and takes no match options; a host allow rule is -A with -s
iptables -A INPUT -s unrealsoftware.de -j ACCEPT
iptables -A INPUT -p udp --dport 36963 --sport 20000-50000 -j ACCEPT
```

Web surfing:
```bash
# These match replies by source port only: anything sent from port 53/80/443 gets in
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
```

SSH connection:
```bash
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
```

To watch bandwidth:
```bash
dstat --net --socket --cpu
```

Didn't want to renew the thread, so I just edited the post.
edited 1×, last 08.09.15 03:41:39 pm
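Added example, not code from this thread: a POSIX shell function that prints a server-side rule set for a CS2D server, combining ead's UDP drop rules with stateful filtering and a per-source rate limit on the game port. The 100 packets/sec threshold, the burst of 50 and the hashlimit table name `cs2d` are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, rather than applies, an iptables
# rule set for a CS2D server listening on UDP 36963, so it can be reviewed first.
# Assumed values: per-source limit 100/sec, burst 50, hashlimit name "cs2d".
cs2d_rules() {
    port=${1:-36963}
    rate=${2:-100/sec}
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
# Loopback, and replies to connections the server itself opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# Echo, chargen and UDP fragments, as in ead's post
iptables -A INPUT -p udp --dport 7 -j DROP
iptables -A INPUT -p udp --dport 19 -j DROP
iptables -A INPUT -p udp -f -j DROP
# SSH into the server: match the destination port, not the source port
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Game port: drop any single source sending above ${rate}, accept the rest
iptables -A INPUT -p udp --dport ${port} -m hashlimit --hashlimit-name cs2d --hashlimit-mode srcip --hashlimit-above ${rate} --hashlimit-burst 50 -j DROP
iptables -A INPUT -p udp --dport ${port} -j ACCEPT
EOF
}
```

Pipe the output to sh as root once reviewed. As DC points out earlier in the thread, dropping a flood at the host spares the CPU and the game process, not the link bandwidth the packets already consumed.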

Re: (Linux) Firewall

lennon (User)

Today some pathetic kid was DDoSing my server. I have autoreload as well, but when I put in the commands from @user ead, the server shutdowns stopped. I recommend it.