OVH Firewall

Discussion in 'Dedicated server hosting' started by Jimmy, Apr 24, 2017.

  1. Jimmy

    Jimmy Well-Known Member

    1,762
    381
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +968
    Local Time:
    4:53 PM
    1.17.x
    MariaDB 10.3.x
    Wanted to start a thread about setting up / settings for using OVH Firewall.

    It would be great to develop a default setup for people using the OVH Firewall and CMM. Anyone who has suggestions, please post them.


    Setup
    Firewall Network | OVH Docs
    • You can set up to 20 rules per IP.
    • The firewall network is not taken into account in the OVH network, so the rules implemented do not affect the connections inside the OVH network.
     
  2. Jimmy

    Jimmy Well-Known Member

  3. eva2000

    eva2000 Administrator Staff Member

    50,461
    11,661
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,082
    Local Time:
    6:53 AM
    Nginx 1.25.x
    MariaDB 10.x
  4. Jimmy

    Jimmy Well-Known Member

    I'm not that great with firewalls, but I'll test it out, see what happens, and post the results here. Hopefully we can come up with a default setup for OVH.
     
  5. Jimmy

    Jimmy Well-Known Member

    @eva2000 just curious why other ports were missing from the Vultr list? https://community.centminmod.com/th...plicate-csf-firewall-inbound-rule-sets.11433/

    One problem with OVH Firewall is that I can't figure out how to add a range. The destination port text field only takes 5 characters, so I can't enter a range.

    Looks like port ranges aren't available: OVH anti-ddos PRO firewall rules
     
    Last edited: Apr 27, 2017
  6. Jimmy

    Jimmy Well-Known Member

    Found this online: OVH IP Configure firewall Add Rule for Anti DDOS

    [image attachment: the firewall rules from the linked page]

    Read here a comment about the above rules: How to configure OVH FIREWALL, DDoS protection?
    I'm not even sure about the above rules. :(
     
    Last edited: Apr 27, 2017
  7. Jimmy

    Jimmy Well-Known Member

  8. Jimmy

    Jimmy Well-Known Member

    Wow, permanent mitigation really slows things down (nginx update). Not sure about an actual running site; I don't have one online to test yet.

    I did read somewhere that it takes some time for the automatic mitigation to kick in, and the attack has to reach a certain level before the firewall recognizes it as an attack. That's one of the reasons permanent mitigation was advised, so the site doesn't have any downtime. Though it was noted that you'd take a millisecond(s) hit with permanent mitigation.

    Using the rules outlined here: https://community.centminmod.com/posts/48899/ seems to work. Not having any issues connecting. Since OVH Firewall doesn't do port ranges I was thinking that maybe a general approach would work best, stopping major attacks before the server. Allow CSF to handle the rest.

    If anyone has an OVH Firewall setup they want to share, please post it. I'd love to know how other people are setting up the firewall.
     
    Last edited: Apr 27, 2017
  9. eva2000

    eva2000 Administrator Staff Member

    Interesting indeed. Let us know how it goes long term.

    Vultr and OVH are inbound firewalls only, not outbound. The other CSF Firewall default ports are for smtp/pop3/imap inbound and outbound, where you only need outbound for the Centmin Mod default. But I added inbound just in case folks set up pop3/imap servers themselves.
     
  10. Jimmy

    Jimmy Well-Known Member

    If you come across any other information or have suggestions on what rules to set up, let me know. Judging by the other OVH thread (20+ pages), it might be good to have some recommendations to give people who're using OVH w/ CMM and opt to use their firewall.

    I think at this point I'm just going to delete the rules and go with the default settings, allowing OVH to be the first line and CSF to block ports etc. I did respond in the comments at OVH IP Configure firewall Add Rule for Anti DDOS, but it's from 2015 and I'm not sure if the guy is going to respond backing up his rule choices.
     
  11. rdan

    rdan Well-Known Member

    5,419
    1,386
    113
    May 25, 2014
    Ratings:
    +2,167
    Local Time:
    4:53 AM
    Mainline
    10.2
    On CSF and OVH Firewall, the only ports I allow:
    Code:
    TCP_IN =  "22,53,80,443"
    TCP_OUT = "22,53,80,443"
    
    TCP6_IN =  "22,53,80,443"
    TCP6_OUT = "22,53,80,443"
    
    UDP_IN =  "67,68,53"
    UDP_OUT = "67,68,53,123"
    
    UDP6_IN =  "53"
    UDP6_OUT = "53,123"
    
     
  12. eva2000

    eva2000 Administrator Staff Member

    I guess you don't use Pure-ftpd virtual FTP users and only use root SSH for uploads? That restricted port list would not allow Pure-ftpd FTP over TLS in secure passive FTP mode to work.
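As an added example (not code from the thread, OVH or CSF), here is a small Python check that takes csf.conf inbound lists like rdan's, counts how many single-port OVH rules they would need under the 20-rule, no-port-range limits noted earlier in the thread, and lists what a Pure-ftpd passive FTP setup would still need, which is the objection in the post above. The passive port range, the constants and the function names are the example's own assumptions, not OVH or Centmin Mod values.

```python
# Added example: check a CSF inbound port list against the OVH Network
# Firewall limits reported in this thread and against the passive-FTP caveat.
# Not OVH's or CSF's own tooling; values marked as assumptions are placeholders.
import re

# From the OVH docs quoted in post 1: at most 20 rules per IP.
OVH_MAX_RULES_PER_IP = 20

# Constructed sample of the csf.conf keys rdan posted (not a full csf.conf).
SAMPLE_CSF_CONF = '''
TCP_IN =  "22,53,80,443"
TCP_OUT = "22,53,80,443"
UDP_IN =  "67,68,53"
UDP_OUT = "67,68,53,123"
'''

# Assumption: a placeholder Pure-ftpd passive range. Read the real value from
# PassivePortRange in your own pure-ftpd.conf before relying on this check.
PLACEHOLDER_PASSIVE_RANGE = (30001, 30020)

# Constructed variant: rdan's list widened with FTP control plus the passive range.
WIDENED_CSF_CONF = SAMPLE_CSF_CONF.replace(
    '"22,53,80,443"', '"21,22,53,80,443,30001:30020"', 1)


def parse_csf_ports(conf_text, key):
    """Return the set of ports for a csf.conf key such as TCP_IN.

    csf writes ranges as low:high inside the quoted list; they are expanded
    into individual ports so they can be counted against OVH's one-port rules.
    """
    match = re.search(r'^\s*' + re.escape(key) + r'\s*=\s*"([^"]*)"',
                      conf_text, re.MULTILINE)
    if not match:
        return set()
    ports = set()
    for item in match.group(1).split(','):
        item = item.strip()
        if not item:
            continue
        if ':' in item:
            low, high = (int(x) for x in item.split(':', 1))
            ports.update(range(low, high + 1))
        else:
            ports.add(int(item))
    return ports


def ovh_rules_needed(tcp_in, udp_in):
    """Inbound OVH rules needed to mirror the CSF lists: one rule per port,
    because the OVH form takes a single destination port and no ranges."""
    return len(tcp_in) + len(udp_in)


def fits_ovh(tcp_in, udp_in):
    """True if the mirrored rule set stays within OVH's per-IP rule limit."""
    return ovh_rules_needed(tcp_in, udp_in) <= OVH_MAX_RULES_PER_IP


def passive_ftp_gaps(tcp_in, passive_range=PLACEHOLDER_PASSIVE_RANGE):
    """Ports that FTP control (21) plus a passive data range need but TCP_IN
    lacks. An empty list means passive FTP over TLS can connect."""
    low, high = passive_range
    needed = {21} | set(range(low, high + 1))
    return sorted(needed - tcp_in)


def report(conf_text, passive_range=PLACEHOLDER_PASSIVE_RANGE):
    """Summarise whether a csf.conf inbound list can be mirrored on OVH."""
    tcp_in = parse_csf_ports(conf_text, "TCP_IN")
    udp_in = parse_csf_ports(conf_text, "UDP_IN")
    return {
        "tcp_in": sorted(tcp_in),
        "udp_in": sorted(udp_in),
        "ovh_rules_needed": ovh_rules_needed(tcp_in, udp_in),
        "fits_ovh": fits_ovh(tcp_in, udp_in),
        "passive_ftp_missing": passive_ftp_gaps(tcp_in, passive_range),
    }


if __name__ == "__main__":
    # rdan's list: 7 single-port rules fit on OVH, but passive FTP is closed.
    print(report(SAMPLE_CSF_CONF))
    # Adding FTP and a passive range opens FTP but no longer fits in 20 rules,
    # which is the trade-off behind using OVH as a coarse first line and CSF
    # on the host for the finer port policy.
    print(report(WIDENED_CSF_CONF))
```

The two reports show the trade-off the thread circles around: a tight four-port list is easy to mirror on OVH but breaks passive FTP, while a list wide enough for a passive range cannot be expressed within 20 single-port rules, so that part of the policy stays with CSF on the host. Since OVH's firewall does not filter traffic from inside the OVH network (post 1), the host-level CSF rules are needed regardless.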
     
  13. rdan

    rdan Well-Known Member

    Yes :)
     
  14. rdan

    rdan Well-Known Member

    Sad thing though is they ignore/whitelist all OVH IPs, even from other locations :/

    [attachment: 1 (1).png]
     
  15. eva2000

    eva2000 Administrator Staff Member

    They as in OVH Firewall or CSF Firewall?
     
  16. rdan

    rdan Well-Known Member

    OVH firewall.