ٴ

Status
This thread has been locked.
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
Zed.X

Zed.X

Premium
Feedback score
5
Posts
224
Reactions
25
Resources
0
Flase said:
Hey so I currently host a few game servers (CSGO, discord bot, Garrys Mod, Minecraft and some others) and I was just wondering before i fully release it to the public if there would be any further iptables or OVH Firewall/Game rules i would want to put onto the server to prevent it getting ddosed

If anyone can help contact me on discord thanks Revolts#0001
Click to expand...
Added. [ AodX#7679 ]
 
RileyN

RileyN

Net Sys Admin | AstroVPN CEO
Premium
Feedback score
3
Posts
350
Reactions
193
Resources
0
Not the proper way to handle DDoS protection in my opinion, however, iptables/ufw can be used to limit attack surface (i.e. restrict port access to a specific IP address) and rate limit connections (i.e limit* DoS attacks).

Your best bet when it comes to DDoS protection would be a third party service (like a host with proper protection/throughput guarantees, proxypipe, tcpshield, etc).
 
I_Luv_Cowz

I_Luv_Cowz

Feedback score
5
Posts
292
Reactions
120
Resources
4
Flase said:
Hey so I currently host a few game servers (CSGO, discord bot, Garrys Mod, Minecraft and some others) and I was just wondering before i fully release it to the public if there would be any further iptables or OVH Firewall/Game rules i would want to put onto the server to prevent it getting ddosed

If anyone can help contact me on discord thanks Revolts#0001
Click to expand...
Excellent explanation by Riley and Frank, but I would advise against a tunnel such as TCPShield due to the fact that their capacity really isn't much better than OVH's (Plus it adds significant latency and is going to end up costing you more than the hosting). If you use OVH's game servers, you could configure its GAME Firewall which is significantly better for mitigating layer 7 game attacks (ie: bot attacks in minecraft).

You shouldn't need to use UFW/IPTables as OVH's firewall is much more reliable and actually mitigates attacks.

OVH has a 400Gb backbone, your server probably only has a 1Gb port. Leveraging OVH's backbone for firewall is a much better than using a software firewall (UFW/IPTables) since it:
1. Won't use up your data if someone attacks a closed port/gets firewalled
2. They'd need to take the entire OVH network offline (400Gbps attack) instead of just a 1Gbps attack to take your server offline.
 
Last edited:
Status
This thread has been locked.
Top