Want to subscribe to topics you're interested in?
Become a Member

OVH OVH Firewall

Discussion in 'Dedicated server hosting' started by Jimmy, Apr 24, 2017.

  1. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    Wanted to start a thread about setting up / settings for using OVH Firewall.

    It would be great a develop a default setup for people using the OVH Firewall and CMM. Anyone who has suggestions, please post them.

    Setup
    Firewall Network | OVH Docs
    • You can set up to 20 rules per IP.
    • The firewall network is not taken into account in the OVH network, so the rules implemented do not affect the connections inside the OVH network.

     
    • Like Like x 1
  2. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
  3. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    5:52 AM
    Nginx 1.13.x
    MariaDB 5.5
  4. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    I'm not that great with firewalls, but I'll test out and see what happens. Post the results here. Hopefully we can come up with a default setup for OVH.
     
    • Agree Agree x 1
    • Informative Informative x 1
  5. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    @eva2000 just curious why other ports were missing from the Vultr list? https://community.centminmod.com/th...plicate-csf-firewall-inbound-rule-sets.11433/

    One problem with OVH Firewall is that I can't figure out how to add a range? Destination port text field only takes 5 characters so I can't enter a range.

    Looks like port range isn't available. OVH anti-ddos PRO firewall rules
     
    Last edited: Apr 27, 2017
  6. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    Found this online: OVH IP Configure firewall Add Rule for Anti DDOS

    [​IMG]

    Read here a comment about the above rules: How to configure OVH FIREWALL, DDoS protection?
    I'm not even sure about the above rules. :(
     
    Last edited: Apr 27, 2017
  7. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
  8. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    Wow, permanent mitigation really slows things down (nginx update) not sure about an actual running site - don't have one online to test yet.

    I did read somewhere that it takes some time for the automatic mitigation to kick in and the attack has to be a certain level before the firewall recognizes as an attack. One of the reasons why permanent mitigation was advised, so the site doesn't have any downtime. Though, it was noted that you'd take a millisecond(s) hit with perm mitigation.

    Using the rules outlined here: https://community.centminmod.com/posts/48899/ seems to work. Not having any issues connecting. Since OVH Firewall doesn't do port ranges I was thinking that maybe a general approach would work best, stopping major attacks before the server. Allow CSF to handle the rest.

    If anyone has an OVH Firewall setup they want to share, please post it. I'd love to know how other people are setting up the firewall.
     
    Last edited: Apr 27, 2017
  9. eva2000

    eva2000 Administrator Staff Member

    30,161
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    5:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    Interesting indeed.. let us know how it goes long term wise

    Vultr and OVH are inbound firewalls only not outbound, the other CSF Firewall default ports are for smtp/pop3/imap in and outbound where you only need outbound for Centmin Mod default. But i added inbound just in case folks setup pop3/imap servers themselves.
     
    • Informative Informative x 1
  10. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:52 PM
    1.13.x
    MariaDB 10.1.x
    If you come across any other information or have suggestions on what rules to setup, let me know. Judging by the other OVH thread (20+ pages) it might be good to have some recommendations to give people who're using OVH w/ CMM and opt to use their firewall.

    I think at this point I'm just going to delete the rules and go with the default settings allowing OVH to be the first line and CSF to block ports etc. I did respond to in the comments @ OVH IP Configure firewall Add Rule for Anti DDOS but it's from 2015 and not sure if the guy is going to respond backing up his rule choices.