OVH Firewall with cPanel Servers


Vishnu
2017-02-12, 09:18 AM
What you need to do is only allow the TCP (SYN + Established) and UDP packets your services need to work and block all other traffic. You will be able to create universal SYN and established rules that will cover all the other lower priority TCP rules and this will protect against TCP SYN attacks, for example:

- Priority: 0 - Action: Authorize - Protocol: TCP - Source IP: Blank/All - Source port: Blank/All - Destination port: BLANK - Flags: SYN
- Priority: 1 - Action: Authorize - Protocol: TCP - Source IP: Blank/All - Source port: Blank/All - Destination port: BLANK - Flags: Established

You will then be able to configure your other TCP rules (Deny or authorize) using source IP, destination port, etc. For example:

- Priority: 2 - Action: Authorize - Protocol: TCP - Source IP: Blank/All - Source port: Blank/All - Destination port: 80 (or any other port)

The same is required for the UDP traffic; the only difference is that there are no SYN/Established flags and you only need to add one rule for each UDP port you want to allow.

Finally, complete your configuration with the following rule to block any other traffic:

- Priority: 19 - Action: Refuse - Protocol: IPv4 - Source IP: Blank/All - Source port: Blank/All - Destination port: Blank/All


How to configure this for cPanel Servers? Please guide.
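
An added example, not part of the original post and not OVH code: a small model for checking which rule in a priority-ordered list like the one above decides a given packet. The `Rule`, `Packet`, `matches` and `decide` names are hypothetical, and the evaluation order and flag semantics are assumptions stated in the comments.

```python
from dataclasses import dataclass
from typing import Optional

# Assumptions (not from the post): rules are read in ascending priority, the first
# match decides; "syn" = SYN without ACK; "established" = ACK set; None = blank/all.
@dataclass(frozen=True)
class Rule:
    priority: int
    action: str                   # "authorize" or "refuse"
    protocol: str                 # "tcp", "udp" or "ipv4" (any IPv4 packet)
    dport: Optional[int] = None   # destination port, None = blank/all
    flags: Optional[str] = None   # None, "syn" or "established"

@dataclass(frozen=True)
class Packet:
    protocol: str
    dport: Optional[int] = None
    syn: bool = False
    ack: bool = False

def matches(rule, pkt):
    if rule.protocol not in ("ipv4", pkt.protocol):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.flags == "syn":
        return pkt.protocol == "tcp" and pkt.syn and not pkt.ack
    if rule.flags == "established":
        return pkt.protocol == "tcp" and pkt.ack
    return True

def decide(rules, pkt):
    """Return (action, priority) of the first matching rule, else (None, None)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, pkt):
            return rule.action, rule.priority
    return None, None

# Rule list from the post; its UDP rules are omitted (no UDP ports are named).
POST_RULES = [
    Rule(0, "authorize", "tcp", flags="syn"),
    Rule(1, "authorize", "tcp", flags="established"),
    Rule(2, "authorize", "tcp", dport=80),
    Rule(19, "refuse", "ipv4"),
]

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    for pkt in (Packet("tcp", 3306, syn=True), Packet("udp", 53)):
        print(pkt, "->", decide(POST_RULES, pkt))
```

Under these assumptions a SYN to any TCP port is decided by the priority 0 rule before a per-port rule is read, so it is worth checking a rule list against the firewall's actual evaluation order before relying on the final refuse rule.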