infrastructure-roadmap icon indicating copy to clipboard operation
infrastructure-roadmap copied to clipboard
verified publisher icon ovh

GAME firewall upgrade | advanced filter

Open MikeRuSe opened this issue 1 year ago • 17 comments

Opening individual issue for adding advanced option to "other" game firewall profile. "Other" Game profile might include an advanced option that has action at UDP based traffic, where customers can specify and tweak parameters such as: -> Min packet (headers included) or payload length -> Max packet (headers included) or payload length -> Allowed src ports range based on dst port (by default ephemeral ports 1025-65535, but this can be tweaked) -> Packets per second per source IP https://github.com/ovh/infrastructure-roadmap/issues/135 @jslocinski

MikeRuSe avatar Mar 05 '24 21:03 MikeRuSe

Can the specified tweak parameters in the post be available for all profiles too and not only for Other. If ever considered, such tweaks should be available to all profiles. Will be good addition 👍

Gawnz1 avatar Mar 09 '24 23:03 Gawnz1

That's most wanting feature, I've been waiting for it 4+ years. What about TCP based traffic? Can I have at least some hope?

master-toma avatar Apr 17 '24 14:04 master-toma

This is definitely what we need

mrglbroc avatar Apr 17 '24 14:04 mrglbroc

Hello,

I own 6-10 servers in OVH, with MMO game, which is not supported by OVH GAME firewall, and I"m suffering from DDoS attacks often.

What whould help for sure, is:

Ability define following parameters for TCP based traffic: -> Min packet (headers included) or payload length -> Max packet (headers included) or payload length -> Packets per second per source IP

master-toma avatar May 06 '24 08:05 master-toma

Guys, to be able to prioritize, which one would be the very MVP as a top prio: a/ min-max packet length b/ src port acl per dst port c/ pps per src IP d/ tcp & udp support ?

jslocinski avatar May 07 '24 12:05 jslocinski

Hello,

min-max packet length is n1 prio for my use cases.

master-toma avatar May 07 '24 12:05 master-toma

min-max packet length would be cool

Docker0012 avatar May 07 '24 13:05 Docker0012

I hope on Min-Max packet length

LightShockDev avatar May 07 '24 18:05 LightShockDev

Hello, min-max packet length 🙏

mrglbroc avatar May 08 '24 10:05 mrglbroc

A) min-max packet length - MVP C) pps per src IP - 2nd ..

For me.

Gawnz1 avatar May 10 '24 04:05 Gawnz1

Required for GTAV: RAGEMP servers on unsupported client

1- PPS 2- BPS 3- Min-Max Packet Length

maraz1987 avatar May 16 '24 01:05 maraz1987

min-max, then PPS, please 🙏

lol10801lol avatar May 18 '24 12:05 lol10801lol

Packet length and PPS is a good start but ideally we would like to have full set of tools that OVH VAC team has so we can respond to incidents faster

Competing providers are starting to offer very granular control over filtering

Here is an example: Screenshot 2024-07-02 at 10-05-27 Create Flowrule aurologic Screenshot 2024-07-02 at 10-05-39 Create Flexrule aurologic

gegtor avatar Jul 02 '24 08:07 gegtor

Thanks for the insights. Just for a sake of clarity, let's not mix here those two topics: Anti-DDoS Infrastructure (VAC) and GAME DDoS Protection (or simply GAME-firewall). While first one is OVHcloud ASN inbound-only, globally distributed, L3-L4, close to the source, the second one is fine-grain, full L7, close-to-destination and no jitter.

We work on evolution of both systems based on your requests, and relevant VAC issues can be found or created.

jslocinski avatar Jul 02 '24 08:07 jslocinski