Let me state this up front: this setup can prevent DDoS attacks or 70% of SYN half-open connection attacks.
First, make the following settings on your machine!
Use a Local Security Policy to block all open ports that do not belong to the Legend server. For more information, search online;
it's just a 3000 method! Your Legend server can then be accessed internally, but not externally.
Then open ports 7000, 7100 and 7200! (Remember not to block them.)
Download a tool that simulates a hardware firewall! (Haha, do you have this?)
It is called MapPort!
Open it and enter the first group of mappings:
7000 -> 30000 (LoginGate)
7100 -> 31000 (SelChrGate)
7200 -> 32000 (RunGate)
Here, only ports 7000, 7100 and 7200 are open to the outside world. They are not the Legend server's real ports.
After mapping by the software, the real ports are 30000 (LoginGate), 31000 (SelChrGate) and 32000 (RunGate).
These real ports accept internal access only, and external connections are forwarded to them by the software from ports 7000, 7100 and 7200, so everything works properly.
Remember to change the ports of the three gateways.
This completes the settings.
Open MapPort and set it up!
Under Security, you can set the maximum connections, the connections per single IP, and a blacklist!
Maximum connections:
7000 -> 30000 (LoginGate): set to 40; single IP connections set to 20
7100 -> 31000 (SelChrGate): set to 30; single IP connections set to 20
7200 -> 32000 (RunGate): set to 1000; single IP connections set to 20
In this way, we can effectively prevent DDoS attacks or other variant attacks!
It also defends against SYN attacks!
You can set IP address ranges in the blacklist. This part is tedious!
Add nonexistent IP addresses in sequence:
193.0.0.1-193.20.254
194.0.0.1-194.20.254
66.0.0.1-66.20.254
30.0.0.1-30.20.254
This is for reference only, and there are many more. You can add them yourself.
Use your own judgment to add IP addresses that do not exist or that have no reason to connect to your address! Write them in (do not be afraid; although there are many, you can save them).
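The mapping, connection limits and blacklist described above, as an added Python example that is not MapPort's code or part of the original post: a TCP forwarder that admits or refuses each connection before it reaches the internal port. The `Gate` class, the function names and the blacklist range are assumptions made for illustration; the ports and limits are the ones given above.

```python
import asyncio
import ipaddress
from collections import Counter

# Public port -> (internal port, max connections, max per single IP), values from the text.
MAPPINGS = {7000: (30000, 40, 20), 7100: (31000, 30, 20), 7200: (32000, 1000, 20)}
# Constructed blacklist range (documentation addresses), not a range from the text.
BLACKLIST = [(ipaddress.ip_address("198.51.100.1"), ipaddress.ip_address("198.51.100.254"))]

class Gate:  # hypothetical admission policy for one mapped port
    def __init__(self, max_total, max_per_ip, blacklist=BLACKLIST):
        self.max_total, self.max_per_ip, self.blacklist = max_total, max_per_ip, blacklist
        self.per_ip, self.blocked = Counter(), []  # live connections per IP; (ip, reason) log

    def admit(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(lo <= addr <= hi for lo, hi in self.blacklist):
            reason = "blacklist"
        elif sum(self.per_ip.values()) >= self.max_total:
            reason = "max connections"
        elif self.per_ip[ip] >= self.max_per_ip:
            reason = "single IP limit"
        else:
            self.per_ip[ip] += 1
            return True
        self.blocked.append((ip, reason))
        return False

    def release(self, ip):
        self.per_ip[ip] -= 1

async def pipe(reader, writer):  # copy one direction until EOF, then close the far side
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def serve(public_port, backend_port, gate):
    async def handle(reader, writer):
        ip = writer.get_extra_info("peername")[0]
        if not gate.admit(ip):
            return writer.close()  # refuse before touching the internal port
        try:
            b_reader, b_writer = await asyncio.open_connection("127.0.0.1", backend_port)
            await asyncio.gather(pipe(reader, b_writer), pipe(b_reader, writer))
        finally:
            gate.release(ip)
    return await asyncio.start_server(handle, "0.0.0.0", public_port)
```

Start one `serve()` per entry in `MAPPINGS`, each with its own `Gate`, inside a running asyncio event loop; `gate.blocked` then holds the refused addresses and the reason for each.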
After the configuration is complete, you can download a tool to test the anti-DDoS firewall.
My test:
Without these settings: attack on port 7000! The CPU stays at 100%, the game lags badly for a while, and the mouse cannot be moved smoothly.
Running netstat -a while this is happening reports that system resources are insufficient!
With the settings configured: attack on port 7000.
Under attack, CPU usage does not budge! The game runs normally!
Check the log to see the blocked IP addresses!
You can also apply your own standards here and block player IP addresses on the three ports!