Documentation
Documentación » VPS » How to configure Path.net DDoS protection to block attacks

How to configure Path.net DDoS protection to block attacks

Acceso rápido a las secciones de este documento

0 - Prologue

Path.net is a network provider that offers DDoS attack mitigation and is integrated within the GINERNET network, so that any server can benefit from this protection.

The main advantage of Path.net’s attack protection is the possibility to create specific filters for the following services:

  • Cualquier servicio TCP
  • OpenVPN
  • Wireguard
  • DNS
  • STUN
  • QUIC
  • SIP
  • DTLS
  • RTP

In addition, specific DDoS attack mitigation filters are also available for the following games:

  • TeamSpeak 3
  • Source Engine Queries
  • RakNet Server (v2)
  • Minecraft Java Edition
  • Half Life 2/Source Server
  • GTA V Multiplayer (FiveM)
  • San Andreas Multiplayer (SA-MP) + RakSAMP
  • Half-Life Dedicated/GoldSrc
  • ARMA 3
  • L4D2/CS:GO
  • Renegade X
  • DayZ
  • Squad

1 - How to set up Path DDoS protection

To take advantage of Path.net’s DDoS mitigation options you must contract a protected IP with Path.net.

Once you have contracted the IP, you must route it to your VPS. To do this, follow step 7 of this guide.

Once you have your IP assigned, you will be able to manage them from your GridCP control panel: gridcp.ginernet.com

configure-ddos-path

You will see that by default there is already a rule that does DROP by default to all traffic entering your IP. At this point, you must add the services running on your server.

For example, we have created 3 rules:

  • Limit ICMP traffic (ping) to 1000 pps (packets per second).
  • Allow access to port 80 (web)
  • Allow access to port 22 (SSH)

Any other traffic will be blocked before reaching your server.

At this point you may be wondering how to prevent attacks on ports 22 and 80 that we have opened? This is done from the “Filters” option.

De esta forma estamos activando la validación del tráfico TCP a los puertos indicados. Cualquier tráfico que genere tramas inválidas, será bloqueado antes de llegar a tu servidor, permitiendo solo el tráfico legítimos.

2 - Rules for the game "RUST".

These are the rules that Path.net recommends to create to protect the RUST game.

Filters:

  • UDP puerto 28015

Rules:

  • RakNet Server (v2)
  • Source Engine Queries
  • TCP Service (symmetric)
rust-filters

Additionally you will have to activate other services that you have running such as SSH, RDP, etc… Check the previous step to see how to open and configure any port correctly.