Help for a rules

V

vamos

Hello guys, I've got a little problem with an attack on my dedicated, this attack point to 80 port and external port is :1234 but the dedicated stay online, just make a little lag the connection on my game
I wanted to know what rules does I need use for block this attacks:
Code: 
tcp4       0      0 91.xxx.xx.28.80        171.158.171.52.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        119.149.119.9.1234     SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        80.107.80.47.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        44.80.44.248.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        70.52.70.104.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        181.129.181.209.1234   SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        25.194.25.38.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        222.60.222.220.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        44.205.44.209.1234     SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        205.127.205.27.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        95.60.95.184.1234      SYN_RCVD
(15000 IP like it)
I've tryed it with the rc.firewall:
Code: 
	${fwcmd} add 011 deny ip from any 1234 to me dst-port 80
But doesn't work... does someone can help me ?
Thanks in advance :(
 
Hello, this is a private game using the 13000 port, and this attack block the connecting... but make nothing to the website.. how about a rules ? thanks.
 
Please post the entire ruleset, it's possible there are other rules that allow this traffic and your block rule may never be reached.
 
Hello,
Code: 
setup_loopback () {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 001 deny ip from table\(1\) to me
	${fwcmd} add 002 allow tcp from any to me dst-port 8881,11003-13066,13110 limit src-addr 8 via igb0
	${fwcmd} add 003 deny tcp from any to me dst-port 8881,11003-13066,13110 via igb0
	${fwcmd} add 011 deny ip from any 1234 to me dst-port 80
        ${fwcmd} add 012 deny ip from any to me dst-port 12001,14016-14536,64010 via igb0
	${fwcmd} add 013 deny ip from any to me dst-port 3306 via igb0
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127.0.0.0/8
	${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
	if [ $ipv6_available -eq 0 ]; then
		${fwcmd} add 400 deny all from any to ::1
		${fwcmd} add 500 deny all from ::1 to any
	fi
}
Thanks
 
You must log in or register to reply here.
Back
Top