# Help with rules



## vamos (Jan 3, 2013)

Hello guys, I've got a little problem with an attack on my dedicated server. The attack points to port 80 and the external port is :1234, but the dedicated server stays online; it just makes the connection to my game lag a little.
I wanted to know what rules I need to use to block these attacks:

```
tcp4       0      0 91.xxx.xx.28.80        171.158.171.52.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        119.149.119.9.1234     SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        80.107.80.47.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        44.80.44.248.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        70.52.70.104.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        181.129.181.209.1234   SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        25.194.25.38.1234      SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        222.60.222.220.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        44.205.44.209.1234     SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        205.127.205.27.1234    SYN_RCVD
tcp4       0      0 91.xxx.xx.28.80        95.60.95.184.1234      SYN_RCVD
(15000 IP like it)
```
I've tried it with the rc.firewall:

```
${fwcmd} add 011 deny ip from any 1234 to me dst-port 80
```
But it doesn't work... can someone help me?
Thanks in advance


----------
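Added example (not part of the original post or of anyone's reply in this thread): one way to quantify what the netstat listing above shows, by tallying `SYN_RCVD` entries per local port and remote source port from FreeBSD `netstat -an -p tcp` output. The function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise half-open (SYN_RCVD) TCP connections from
# FreeBSD netstat output, where addresses are printed as addr.port.

# Constructed sample input (documentation address ranges, not from the thread).
sample_netstat() {
cat <<'EOF'
tcp4       0      0 192.0.2.10.80          198.51.100.7.1234      SYN_RCVD
tcp4       0      0 192.0.2.10.80          198.51.100.9.1234      SYN_RCVD
tcp4       0      0 192.0.2.10.80          203.0.113.20.1234      SYN_RCVD
tcp4       0      0 192.0.2.10.80          203.0.113.21.40211     SYN_RCVD
tcp4       0      0 192.0.2.10.13000       203.0.113.50.51515     ESTABLISHED
tcp4       0      0 192.0.2.10.22          203.0.113.60.50022     ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# Reads netstat lines on stdin; prints one line per (local port, remote port)
# pair seen in SYN_RCVD: "<count> local=<port> remote=<port> hosts=<distinct>"
synrcvd_summary() {
    awk '
    $1 ~ /^tcp/ && $NF == "SYN_RCVD" {
        lport = $4; sub(/.*\./, "", lport)      # port follows the last dot
        rport = $5; sub(/.*\./, "", rport)
        raddr = $5; sub(/\.[^.]*$/, "", raddr)  # strip ".port" to get the host
        key = lport SUBSEP rport
        count[key]++
        if (!((key, raddr) in seen)) { seen[key, raddr] = 1; hosts[key]++ }
    }
    END {
        for (key in count) {
            split(key, p, SUBSEP)
            printf "%d local=%s remote=%s hosts=%d\n", count[key], p[1], p[2], hosts[key]
        }
    }' | sort -rn
}

# Run against live output with: netstat -an -p tcp | synrcvd_summary
sample_netstat | synrcvd_summary
```

A single remote port dominating the count across many distinct hosts is the pattern in the listing above, and the per-local-port breakdown shows which service the half-open connections are aimed at.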



## wblock@ (Jan 3, 2013)

What game?


----------



## vamos (Jan 3, 2013)

Hello, this is a private game using port 13000, and this attack blocks the connection... but does nothing to the website. How about the rules? Thanks.


----------



## SirDice (Jan 3, 2013)

Please post the entire ruleset; it's possible there are other rules that allow this traffic and your block rule may never be reached.


----------



## vamos (Jan 3, 2013)

Hello, 

```
setup_loopback () {
	############
	# Only in rare cases do you want to change these rules
	#
	${fwcmd} add 001 deny ip from table\(1\) to me
	${fwcmd} add 002 allow tcp from any to me dst-port 8881,11003-13066,13110 limit src-addr 8 via igb0
	${fwcmd} add 003 deny tcp from any to me dst-port 8881,11003-13066,13110 via igb0
	${fwcmd} add 011 deny ip from any 1234 to me dst-port 80
	${fwcmd} add 012 deny ip from any to me dst-port 12001,14016-14536,64010 via igb0
	${fwcmd} add 013 deny ip from any to me dst-port 3306 via igb0
	${fwcmd} add 100 pass all from any to any via lo0
	${fwcmd} add 200 deny all from any to 127.0.0.0/8
	${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
	if [ $ipv6_available -eq 0 ]; then
		${fwcmd} add 400 deny all from any to ::1
		${fwcmd} add 500 deny all from ::1 to any
	fi
}
```
Thanks


----------



## wblock@ (Jan 3, 2013)

What version of FreeBSD?


----------



## vamos (Jan 3, 2013)

wblock@ said:

> What version of FreeBSD?


FreeBSD 7.4-RELEASE (GENERIC) 64 bits


----------



## wblock@ (Jan 3, 2013)

Now tell me the game is not Metin2.


----------



## vamos (Jan 3, 2013)

wblock@ said:

> Now tell me the game is not Metin2.


But anyway, the question is not what game it is but what rules to use...


----------



## vamos (Jan 3, 2013)

Okay, you can look this post, I will ask my friend, thx.


----------

