Filter out DDoS attacks - Anyone can help me please?

I use a location group.


You can allow the countries that need access to your game server.

You should look into installing fail2ban on your game server.

how to install fail2ban

Is your game server Linux?
Should be available in your package manager.
I have never set up fail2ban myself.
They use it on phone networks and servers.

My game server uses Windows … I made 2 VPS … 1 for the game server and 1 for IPFire…

Bare metal is recommended.

Yes, I use this … Hyper-V

Guardian addon would be a good equivalent, I use it

I am not a Pro but I doubt that fail2ban will protect from a DDoS, maybe an old-fashioned DoS. Today these kids use resilient ever-changing IPs, RRDNS, CDNs …

I had a question: what is the Orange interface or DMZ used for? Would it make any difference for a gaming server?

This is just an idea, but I heard Pros use a “load-balancing” “reverse proxy” and SSL certs to prevent DDoS. I don’t know how to set it up but IPFire has it. It is called HAProxy.

I wish I could help more


The Guardian addon I will have to look into.

This is a lot to ask of a hypervisor.
Bare metal would be my first thing.
I hope your server has an SSD hard drive.

It has 2 ON/OFF switches:

|SSH Brute Force Detection|
|httpd Brute Force Detection|

Very easy to use.
Looks like fail2ban can be integrated with APIs and monitor more services.

I already did research … IPFire can protect all TCP ports … but it can’t protect UDP ports … that’s why he attacks my UDP port …

Your issue is a UDP form of DDoS?

I heard it is called UDP Flood attack. I did hear that a CDN is recommended to mitigate UDP Flood attack but I am not a Pro.

Is there a CDN in IPFire?

A CDN is a Content Delivery Network.

https://en.wikipedia.org/wiki/Content_delivery_network

How to install on IPFire, sir?

I still would recommend Bare metal install.
1= ICMP rate-limiting: not sure how to do this.
2= **Firewall-level filtering on the server:** this sounds like a default firewall behavior.
3= Filtering UDP packets, except for DNS, at the network level: This also sounds like a default behavior.

A couple of HAProxy can do this, I would like to know how to do it as well

Looks like a job for a Pro

IPFire takes care of ICMP floods automatically, it could be one of the Suricata rules

This I think sums it up

Quote:
If you are experiencing network congestion due to the UDP load, your only chance of mitigating the impact is to ask your upstream provider to set up a filter rule to stop these UDP packets from being forwarded to your network.

Sounds like your next solution is a paid service that offers UDP flood protection.
I have hosted a Minecraft server in the past.
The IO on this sort of thing “Gaming” can be a huge stress on your hardware.
IPFire, if it is under attack from a UDP flood, is going to require all the resources it can get.
Sharing IO with a game server all in a virtual environment sounds like a lot to ask. Your shared hardware may not be up for the task.


How can I give TEST to on public … this is IP proxy I want try to give open to public for protect my port

I wonder if you have resolved your DDoS issue. I had extended IPFire with a DDoS feature with kernel XDP that could stop DDoS at the network driver level, way better than rate limiting in iptables or in Suricata: https://youtu.be/QCjets-zYdc?si=jdfhn-8aP42PZGGC