
What is the best firewall "CSF" or "IPTABLES"?


CaioVictor


Hi rAthena xD

First, excuse my English.

I need to protect my server against DDOS attacks.

But I do not know which firewall is best, and as this will be the first time I set up a firewall on Linux, I wonder if someone can help me to install and configure it.

Can anyone help me?

I appreciate any help.

Att,

CaioVictor.


22 answers to this question

Hi CaioVictor,

CSF requires IPTables to work.

Also, a software firewall can only protect you from DOS attacks; DDOS attacks will consume all your RAM/CPU while your software firewall blocks them. And there's also your server port limitation; say you have a 100mbit port, then a 10mbps flood would knock your server offline (same with 1gbit with a 100mbps flood).

If you are serious about server hardening, you will need to make modifications to your sysctl.conf to harden your kernel against TCP-based attacks/floods. You are only able to do this if you have a KVM/XEN or a Dedicated Server; an OpenVZ-based service should have been set up by your hosting provider.

The only legit way of protecting your server from DDOS is if you have a hardware filter, NOT a hardware firewall; firewalls can block most UDP-based attacks but you will have trouble with TCP (SSYN, ESSYN, SYN, ACK, etc.)

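The sysctl.conf hardening mentioned in the reply above can be checked read-only before anything is changed. This is an added example, not part of the original post: the four keys are real Linux sysctls, but the choice of keys and the thresholds are assumptions of this example, not values given in the thread.

```shell
#!/bin/sh
# Added example: read-only audit of TCP flood-related kernel settings.
# The key list and thresholds are this example's assumptions, not values
# from the thread. Inside an OpenVZ container these values belong to the
# host, so the script only reads them.

# audit_tcp_sysctl [ROOT]
#   ROOT defaults to /proc/sys; pass another directory to audit a copy.
#   Prints one OK/WEAK/SKIP line per key, returns non-zero if any is WEAK.
audit_tcp_sysctl() {
    root=${1:-/proc/sys}
    weak=0
    while read -r key op want; do
        file=$root/$(printf '%s' "$key" | tr . /)
        if ! val=$(cat "$file" 2>/dev/null); then
            echo "SKIP $key (not readable here)"
            continue
        fi
        if [ "$val" "$op" "$want" ]; then
            echo "OK   $key=$val"
        else
            echo "WEAK $key=$val (want $op $want)"
            weak=$((weak + 1))
        fi
    done <<'EOF'
net.ipv4.tcp_syncookies -ge 1
net.ipv4.tcp_synack_retries -le 3
net.ipv4.tcp_max_syn_backlog -ge 4096
net.ipv4.conf.all.rp_filter -ge 1
EOF
    [ "$weak" -eq 0 ]
}

# To change a WEAK value on a KVM/Xen or dedicated server, add a line such
# as "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf and run: sysctl -p
if [ "${1:-}" = "audit" ]; then
    audit_tcp_sysctl
fi
```
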



Hi Asura, thanks for answering!

My problems with ddos attacks are not serious; however, they are making the map-server crash from time to time.

In that case, what would be best to solve the attacks?

Again, thanks for replying!

Att,

CaioVictor.

Edited by CaioVictor

Are you sure that you're receiving attacks? Maybe it's just a faulty svn version(?)

Could you paste here your crash dumps?


Hi CaioVictor,

 

ccjosh may be right. If all you are receiving are map-server crashes, it is most likely not a DDOS attack. I would recommend that you try to get a core dump if it is crashing completely or try to run map-server verbose and log everything to see what error message(s) you get when it crashes.


Use GDB; it will tell you where in the source the error that caused the crash originated.


Hi ccjosh, Asura and Jasc xD

Thank you all for helping!

Regarding the map-server crash, it has stopped crashing; however, I've found DDOS attacks in the logs, and then the server simply closes. It is due to the attacks, right?

I have used GDB to identify the problem and there was no problem with the source and SVN version, which leads me to believe that the problem is ddos attacks.

I'll try to install IPTABLES. Is there any existing configuration that I can apply while I learn how to set it up myself?

Please, if it is not too much trouble, help me to install and configure it, because with time I will learn to make my own settings, but at the moment I really need to stop these attacks!

Asura, I'm from Brazil and would have to convert BRL to dollars; could you do a special price on your host with ddos protection?

Att,

CaioVictor.


Hi CaioVictor,

 

If your emulator has stopped crashing, and you are getting a 'Server Disconnection' issue while playing, then it probably is DDOS. When you are able to access your server again, are your map/login/char servers still running? Please let me know.

As for purchasing a hosting service, please send me a PM with the specifications you need (Disk Space, RAM, CPU); thanks.


Hi Asura ^^'

 

Actually the map/login/char servers close, and I have to reboot; it happens sometimes!

Can you help me to install and configure IPTABLES?

 

Att,

CaioVictor.


Packet_Athena.conf
//----- IP Rules Settings -----

// If IP's are checked when connecting.
// This also enables DDoS protection.
enable_ip_rules: no

Try setting that to no.

Then use an auto-restarter script for Linux; that way you don't always have to reboot it, it will reboot itself when it goes down.

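One way to build the auto-restarter suggested above, as an added example that is not part of the original post. It assumes the binaries are named login-server, char-server and map-server and live in a directory called `$RATHENA_DIR`; the script name and the run directory are also assumptions.

```shell
#!/bin/sh
# Added example: watchdog for the login/char/map servers.
# Assumptions: the binaries are named login-server, char-server and
# map-server and sit in $RATHENA_DIR; adjust both to your install.
RATHENA_DIR=${RATHENA_DIR:-$HOME/rathena}
RUN_DIR=${RUN_DIR:-$RATHENA_DIR/run}

# is_alive NAME: true if the PID recorded for NAME is still a live process.
is_alive() {
    pid=$(cat "$RUN_DIR/$1.pid" 2>/dev/null) || return 1
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# ensure_running NAME CMD...: start CMD in the background if NAME is down.
# Sets STATE to "running" (nothing done) or "started".
ensure_running() {
    name=$1; shift
    mkdir -p "$RUN_DIR"
    if is_alive "$name"; then
        STATE=running
        return 0
    fi
    "$@" >>"$RUN_DIR/$name.log" 2>&1 &
    echo "$!" >"$RUN_DIR/$name.pid"
    # Every start is timestamped: a watchdog hides crashes from players,
    # so this file is what tells you how often and when they happen.
    echo "$(date '+%Y-%m-%d %H:%M:%S') started $name pid $!" >>"$RUN_DIR/restarts.log"
    STATE=started
}

watch_servers() {
    cd "$RATHENA_DIR" || return 1
    while :; do
        for s in login-server char-server map-server; do
            ensure_running "$s" "./$s"
        done
        sleep "${INTERVAL:-10}"
    done
}

# Run as: sh watchdog.sh watch   (script name is illustrative)
if [ "${1:-}" = "watch" ]; then
    watch_servers
fi
```

Run it as the unprivileged account that owns the emulator, not as root. Comparing the timestamps in restarts.log with the connect_check warnings shows whether the shutdowns actually coincide with the reported attacks.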



Hi Jasc ^^'

 

I had configured "enable_ip_rules" to "yes" earlier!

But what would this auto-restarter be?

I do not know; can you explain better what it would be?

 

Att,

CaioVictor.

 

EDIT 01 =>

 

I wonder how I install iptables and what settings I should apply; can someone help me?

Is doing what is shown in this topic, http://rathena.org/board/topic/67002-iptables-rule-for-rathena/?p=123843, answered by Asura,

correct, and does it work? Even with an external connection to the database?

 

Att,

CaioVictor.

 

EDIT 02 =>

 

I believe that the subject of the topic is closed, right?

To keep the forum organized, I think this topic can be closed.
I'll open a new topic on configuring iptables!

Many thanks to all for your help and support!

 

Att,

CaioVictor.

Edited by CaioVictor
Hi CaioVictor,

 

I recommend that you check your actual provider's uptime by going to your SSH/Terminal and typing:

uptime

 

It's possible that your host is restarting your node constantly, causing your service to close. I have never seen all 3 servers (map/char/login) crash at the same time for no reason...


Hi Asura xD

 

This is the uptime and is just 4 days online because 4 days ago I rebooted the host.

 19:36:13 up 4 days,  1:43,  1 user,  load average: 0.00, 0.01, 0.00

Thanks for replying again!

 

I know the server is falling to attacks because the emulator's console displays the message =\

 

Att,

CaioVictor.

Hi CaioVictor,

 

Can you copy & paste the message?


Hi ^^'

 

Sure I can, but in my case it is in Portuguese; it is as follows:

[Aviso]: connect_check: Ataque DDoS detectado a partir do endereço xxx.xxx.xxx.xxx!

Att,

CaioVictor.

Edited by CaioVictor

Hi CaioVictor,

 

But DDoS attacks do not shut off your map/char/login servers; they only affect your server's network... it shouldn't be closing your servers down. 


Hi Asura xD

 

That is what I'm thinking. /whisp

Anyway, I need protection to prevent future problems with attacks, right?

 

Many thanks for your help and support!

 

Att,

CaioVictor.


Hi CaioVictor

One solution is fail2ban.

Guide for Debian

To install fail2ban we just have to:

Update our system and likewise give it a clean-up, which is no bad thing:

# aptitude update && aptitude safe-upgrade && aptitude clean && aptitude autoclean

Then install fail2ban:

# apt-get install fail2ban

Now our fail2ban is installed. These can help you to configure it:

Restart
# /etc/init.d/fail2ban restart

Start
# /etc/init.d/fail2ban start

Stop
# /etc/init.d/fail2ban stop

Status check fail2ban
# /etc/init.d/fail2ban status

Configure:
Go to this path and edit the file:
/etc/fail2ban/jail.local

The fail2ban ban log is at this path:
/var/log/fail2ban.log

Note: Remember that "#" indicates the console commands
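fail2ban bans on the basis of log lines, so it helps to see first which addresses the emulator's connect_check warning actually names and how often. This is an added example, not part of the original post; it assumes the console output has been saved to a file, and the sample lines and addresses are constructed after the warning quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: summarise which addresses the emulator's connect_check
# warning names, and how often.

# Constructed sample of console output (addresses are documentation ranges).
sample_log() {
    cat <<'EOF'
[Aviso]: connect_check: Ataque DDoS detectado a partir do endereço 203.0.113.7!
[Info]: constructed unrelated line mentioning 192.0.2.44
[Aviso]: connect_check: Ataque DDoS detectado a partir do endereço 198.51.100.20!
[Aviso]: connect_check: Ataque DDoS detectado a partir do endereço 203.0.113.7!
[Aviso]: connect_check: Ataque DDoS detectado a partir do endereço 203.0.113.7!
EOF
}

# ddos_sources [MIN]: read log text on stdin, print "COUNT ADDRESS" for
# every address reported at least MIN times (default 1), busiest first.
# Matching on the "connect_check:" tag works for any translation of the
# message text.
ddos_sources() {
    awk -v min="${1:-1}" '
        /connect_check:/ && match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
            hits[substr($0, RSTART, RLENGTH)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Usage against a saved console log (the path is an assumption):
#   ddos_sources 5 < /path/to/map-server-console.log
if [ "${1:-}" = "demo" ]; then
    sample_log | ddos_sources 2
fi
```
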



CaioVictor,

 

Weird. Can you specify your server specs? Maybe your RAM is failing. Do you have other services running in your server other than your emulator and MySQL?

You could do a top to see what's eating your RAM.

 

Also, do you have custom cron jobs to check your emulator's services?


Hi CaioVictor,

 

I would not recommend fail2ban over CSF; CSF is definitely better. Also, I would recommend that you find out why your RO emulator is crashing; I still doubt that it is DDOS attacks.


Hi Abueloton ^^'

 

I've thought about installing fail2ban, but first I need to apply a minimum of protection with a firewall, then install fail2ban.

However, thanks for the detailed information; it will be very useful.

ccjosh thanks for replying too xD

The only things that are currently running on the server are mysql and the emulator!

There are no active cron jobs.

I'm sure the problem is not exceeded memory, for I always check memory consumption xD

If it is not asking too much, could you check this post for me?

http://rathena.org/board/topic/86250-iptables-configuration/?p=216890

I will study CSF to see if I learn something, and stop bothering you xD

 

Att,

CaioVictor.

Edited by CaioVictor

Hi CaioVictor,

 

CSF is really easy to use; after installation, you just edit '/etc/csf/csf.conf' and change values to whatever you like. Everything is explained well in the csf.conf file.


Hi Asura ^^'

 

Thanks for all the help you gave me!
I installed and configured iptables; I'm using basic settings for now, while I have not yet learned about this firewall.

 

Thank you for not abandoning this topic!

 

Att,

CaioVictor.
