#Can anyone explain to me how this is possible?


real hollow
#

OVH Edge firewall just doesn't work or I'm doing something wrong?

half kiln
real hollow
# half kiln Does the traffic reach your server at first? Keep in mind to let some ports ope...

It's all a bit more complicated 😅

It's a long story.

About a month ago I encountered DDoS attacks on my server and wrote to support asking for help; they "tweaked" their protection.

Then problems with connecting to the server started: a simple HTTP request connected on the third try, as did other services:
||
# wget 135.125.188.7:10024
--2024-07-14 07:09:16-- http://135.125.188.7:10024/
Connecting to 135.125.188.7:10024... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2024-07-14 07:09:17-- (try: 2) http://135.125.188.7:10024/
Connecting to 135.125.188.7:10024... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2024-07-14 07:09:19-- (try: 3) http://135.125.188.7:10024/
Connecting to 135.125.188.7:10024... connected.
HTTP request sent, awaiting response... 200 OK
Length: 557 [text/html]
Saving to: ‘index.html.15’

index.html.15 100%[=================================================================================================>] 557 --.-KB/s in 0s

2024-07-14 07:09:19 (24.7 MB/s) - ‘index.html.15’ saved [557/557]
||

At first I just connected a failover IP and started using it for my services, and on the firewall I closed access to the main server IP as shown in the screenshot, but then random packet losses started, mostly at night, when no one even uses my services :\

I wrote to support again, they fixed the connection problems (which means the problem was on the OVH side!), which I wrote about above, but the packet losses remained, along with these strange "inclusions" of protection from attacks. How can I receive attacks with such firewall rules? Does this mean that the attacks come from inside the OVH network? Or maybe something is broken in OVH?

I wrote to support again with this question and did tests (including mtr and tcpdump); in response I received a template response from support... :\

#

I apologize for such a large amount of text, but this problem has become a bit annoying.

I have been using OVHcloud services for years, I have been renting this server for over a year, and I have never had any problems until now. And, apparently, the support is not in a hurry to help with this, apparently thinking that I broke everything myself...

low flame
#

If the traffic is passing to your server, maybe you want to add a drop TCP frags rule before the allow policy.
On the other hand, you are just allowing the non-SYN packets, so you might also need to have a rule in place to allow SYN traffic with destination the server you want to reach inside the server.

Example, if you are hosting a website, access it via SSH, and TCP frags are hitting your server:

  0. Drop TCP frags
  1. Allow TCP, dst port 443, SYN
  2. Allow TCP, dst port 443, Established
  3. Allow TCP, dst port 22, SYN
  4. Allow TCP, dst port 22, Established
  5. Drop IPv4

still hound
tribal hatch
#

someone is hitting the whole subnet, my IP is in your range also

#

every IP from 135.125.188.0-135.125.188.255

#

gets packet loss

#

while this attack is going around

#

had the same attack at the same time