OVH Anti-DDoS Firewall Best Practices

Photo credit: Kev at flickr

Layers of OVH Network

Mitigation of the attack

Here is my configurations

OVH Firewall configuration example (SSH/HTTP/HTTPS)

OVH Firewall configuration example (SSH/HTTP/HTTPS)

Dedicated Server

If you are using the OVH dedicated servers. You have an extra GAME firewall can be use. It is important to UDP based games. Please refer to https://docs.ovh.com/gb/en/dedicated/firewall-network/#configuring-armor

Additional

Due to a bug of OVH Firewall, you still need to block malformed ACK connections by using iptables:

Block invalid connections using iptables

Conclusion

Block all incoming connections, only open the port that necessary.

References:

• Counteracting a DDoS attack in 4 stages — OVH
• OVH IP Configure firewall Add Rule for Anti DDOS