#Firewall


cold osprey
#

How does the priority work?
Is this how?

sweet lake
#

The priority is First rule hit = No other rules are applicable.

You should add to Rule 19 - Drop all IPv4

Rather than adding TCP/UDP Blocks.

If you need outbound network to the internet for updates, etc., you would add on Rule 18 - Allow TCP - Established Option from the Dropdown.

Keep in mind that edge applies for inbound packets, so unless you have an active service Running on Port 80 and 443, they are not required since Destination port is the port your server would be listening on for connections.

cold osprey
#

Thanks, I had the drop IPv4 rule but couldn't access the internet. Going to try what you said.

sweet lake
#

The reason the TCP Established rule is required is that general ACK packets to establish connections need to be accepted inbound, and without that the Edge firewall just drops them.

cold osprey
#

Looks correct?

sweet lake
#

Yes

cold osprey
#

Can't ping 1.1.1.1 yet

sweet lake
#

It can take a few minutes for rules to apply, but if you refer to ICMP Ping, you need to enable ICMP on the edge firewall.

#

or the 1.1.1.1 IPv4

cold osprey
#

thx

#

everything works

cold osprey
#

Sorry to bother you

#

for some reason it cannot contact Steam after I enable the firewall

#

UpdateUI: skip show logo
Steam Console Client (c) Valve Corporation - version 1738027521
-- type 'quit' to exit --
Loading Steam API...OK
"@sSteamCmdForcePlatformBitness" = "64"

Connecting anonymously to Steam Public...Retrying. . .
Retrying. . .

#

if I turn it off it works perfectly

sweet lake
#

check nano /etc/resolv.conf

You most likely are not using OVH DNS, and maybe running into DNS resolution errors.

Otherwise, you can also try to enable UDP on the Edge, but I've not seen that as necessary to install SteamCMD or anything, as it worked for me on an OVH VPS Test with only rule 18 allow established activated.

#

OVH DNS Server is: 213.186.33.99

#

There is also an IPv6 one.

nameserver 213.186.33.99
nameserver 2001:41d0:3:163::1

#

Should be in /etc/resolv.conf

cold osprey
#

it is using OVH DNS

#

I'll try 1.1.1.1 tho

#

nope, I couldn't even access anything then :D

charred walrus
#

53 udp source

sweet lake
#

If using ovh DNS you do not need the rule of allowing 53 since it is internal

cold osprey
#

Did not help opening 53

sweet lake
#

outgoing is already allowed, edge is inbound

#

TCP established allows acceptance of all ACK-based TCP packets

#

so if your server sends a SYN request to some other server, it can receive the SYNACK/ACK/PSHACK/whatever else is needed

cold osprey
#

ah okay

#

am still struggling with this issue

sweet lake
#

does allowing all UDP help?

cold osprey
#

Give me a second, I'll let you know

#

am testing this now

sweet lake
#

I never had an issue with having UDP dropped, so it's strange. I was able to install SteamCMD and a Rust server (didn't run the Rust server), but it all installed with just TCP Established on Edge, drop all else

cold osprey
#

yep worked with udp allowing all

cold osprey
#

Does this help in some way?