What firewall to use

[Skuld.sama]

Hello!

Im looking for help to use a firewall to my server.
The main objective is to block these countries -> Russia, China, Belorussia, Ukrain.

Because 200%-of the attacks against my gameserver is coming from there.
Me and a few friends are playing on it, and im practicing java on it, and this is very annoying.

Im looking somthing relatively cheap solution.

[whispous]

You say you're getting attacked - what sort of attacks are these? If they're being blocked, then... that's what a firewall already does. A firewall doesn't stop the attacks reaching said firewall.

 

If the attacks are actually getting in and causing havok, you've opened up far too much with your port forwarding or whatever weirdness you've done.

 

And you can't have 200% as a proportion of something tangible.

[Alex Atkin UK]

1 hour ago, Skuld.sama said:

Hello!

Im looking for help to use a firewall to my server.
The main objective is to block these countries -> Russia, China, Belorussia, Ukrain.

Because 200%-of the attacks against my gameserver is coming from there.
Me and a few friends are playing on it, and im practicing java on it, and this is very annoying.

Im looking somthing relatively cheap solution.

I do this on my router (pfSense), its really the best place to do it and it prevents it ever reaching the server.

 

12 minutes ago, whispous said:

If the attacks are actually getting in and causing havok, you've opened up far too much with your port forwarding or whatever weirdness you've done.

Its not about opening up "too much", if you open anything then if they are looking at those ports, you'll get these attacks.

 

I have a web server and the logs used to be absolutely full of this sort of thing.  Blocking it at the router is the most sensible way, as like you said it doesn't prevent the attacks, but it prevents them reaching anything that can respond to them and filling the logs with junk.

[whispous]

2 hours ago, Alex Atkin UK said:

Its not about opening up "too much", if you open anything then if they are looking at those ports, you'll get these attacks.

 

I have a web server and the logs used to be absolutely full of this sort of thing.  Blocking it at the router is the most sensible way, as like you said it doesn't prevent the attacks, but it prevents them reaching anything that can respond to them and filling the logs with junk.

I did state that I was speaking about attacks getting in, not attacks being sent.

[Eigenvektor]

What type of server is it? Are you hosting at home, is it a dedicated machine, a VPS?

 

What type of operating system is installed on it?

 

If you're talking about a machine hosted professionally, the hoster likely has facilities in place that will let you define firewall rules.

 

Ideally you would block traffic with a dedicated hardware firewall, alternatively a machine running something like pfSense. If neither is an option, block on your router.

 

If none of these apply, you can always use the firewall built into the OS.

[Skuld.sama]

Its my home server, and continueingly get fake connection's, and dropping error messages. Like Malformed packet, Packet mismatch, hex like error codes, disconnected abnormally. And when i check the IP-s it from those countries.
So i want them blocked.

[m9x3mos]

3 minutes ago, Skuld.sama said:

Its my home server, and continueingly get fake connection's, and dropping error messages. Like Malformed packet, Packet mismatch, hex like error codes, disconnected abnormally. And when i check the IP-s it from those countries.
So i want them blocked.

Look up either pfsense or opnsense.

Both work great. Been using opnsense myself for a while now and love it. 

If you are a beginner and aren't running the newest hardware I would recommend pfsense as there is more support content for it. 

[Eigenvektor]

4 hours ago, Skuld.sama said:

Its my home server, and continueingly get fake connection's, and dropping error messages. Like Malformed packet, Packet mismatch, hex like error codes, disconnected abnormally. And when i check the IP-s it from those countries.
So i want them blocked.

If you're on Linux, look into nftables (or if you're on an older distribution iptables). But the better option is likely a separate machine between the internet and your server running pfsense/opnsense.

 

There's also software like fail2ban that you can configure to follow log files and react to specific entries using regular expressions. For example it can be used to automatically update firewall rules to ban IPs for a certain amount of time if there's a certain number of failed login attempts etc. Could likely be used to react to messages lie malformed packet and ban the offending IPs.