Hello everyone, I wanted to know if IPFire is the right product for what I want to do. I have several web servers with Plesk, which host 40 or 50 domains of my clients. These servers continually receive DDoS attacks, unwanted connections, intrusion attempts, etc. I wanted to put a firewall in front of these servers that is more oriented toward protecting this type of service. I have tried others, but I see them more for generic use to protect an office network, and what I want is to protect these web servers, detect attack patterns, limit connection attempts and more specifically protect a web server.
Is IPFire the right system for this? Or do you recommend something else?
Thank you
What type of DDoS attack? SYN/ACK/RST flood attack? IPFire has SYN flood protection built in now (www.ipfire.org - IPFire Against The Bad Guys - Denial-of-Service Protection Of Up To Hundreds Of Gigabit/s); it is worth trying that.
Alternatively, here is my IPFire fork (GitHub - vincentmli/BPFire: BPFire development tree), which is designed to do all kinds of DDoS with XDP because of its dynamic programmability, just FYI.
Hey Ernesto,
Welcome to the IPFire community!
For what you’re looking to do, IPFire is a great fit. Its Intrusion Prevention System (IPS), powered by Suricata, catches dodgy packets before they reach your servers. More IPS info.
You’ll also get SYN flood protection, which helps filter out smaller-scale DDoS attacks at the firewall level.
On top of that, IPFire lets you manage rate limiting and connection controls, so you can cap the number of connections to avoid overload. IPFire.org rate limit blog post.
Plus, you can easily add IP blocklists and set rules to block specific IP addresses, which is perfect for dealing with persistent threats.
Have a read through this for more info: IPFire: What is IPFire.
If configured correctly, IPFire can offer solid protection for your web servers.
Regards,
A G