Simply allow the executables.

Originally posted by ReBoot:

Simply allow the executables.

Originally posted by A Large Man with No Plan:

Originally posted by ReBoot:

Simply allow the executables.

What do you mean with

Originally posted by ReBoot:

Simply allow the executables.

?
Maybe you could get into some details of what to do?

When I want to host something, simply allows the executable in the firewall. That is, I make a rule like "Allow all traffic for D:\hlds.exe".

I guess you're talking about the OVH (Hosting Company) Firewall on your public IP.

The workaround I adopted on my server is to allow all incoming connections on the OVH firewall except known spammers/dossers and setup Windows Firewall in my Windows Server machine to disallow any incoming connections (including ICMP) and allow only the server's executable and steamcmd.

Okay I think it is not really clear from what type of firewall I am talking about. I am talking about a hardware firewall not a software firewall, where I could allow specific applications to do everything. It is only a network firewall of our dedicated server, so I am not hosting a server from my PC or something and our OS is Debian 8. And everything worked fine, before I closed activated the firewall. The strange thing is, that you can normally connect and I am able to login to check for updates:

Redirecting stderr to '/root/Steam/logs/stderr.txt'
[ 0%] Checking for available updates...
[----] Verifying installation...
Steam Console Client (c) Valve Corporation
-- type 'quit' to exit --
Loading Steam API...Created shared memory when not owner SteamController_Shared_mem
OK.

Connecting anonymously to Steam Public...Retrying. . .
Logged in OK
Waiting for license info...OK
Success! App '4020' already up to date.
Update state (0x5) validating, progress: 0,10 (3917465 / 3825027148)
Update state (0x5) validating, progress: 11,51 (440175719 / 3825027148)
Update state (0x5) validating, progress: 31,46 (1203454649 / 3825027148)
Update state (0x5) validating, progress: 53,04 (2028671076 / 3825027148)
Update state (0x5) validating, progress: 74,83 (2862222794 / 3825027148)
Update state (0x5) validating, progress: 96,65 (3696985986 / 3825027148)
Success! App '4020' fully installed.

But a connection to the VAC servers doesn't seem to work because of this error:
Could not establish connection to Steam servers. (Result = 3)
Could not establish connection to Steam servers. (Result = 3)
which makes absolutely no sense??

Originally posted by Keviro GamingMine.net:

Okay I think it is not really clear from what type of firewall I am talking about. I am talking about a hardware firewall not a software firewall, where I could allow specific applications to do everything. It is only a network firewall of our dedicated server, so I am not hosting a server from my PC or something and our OS is Debian 8. And everything worked fine, before I closed activated the firewall. The strange thing is, that you can normally connect and I am able to login to check for updates:

Redirecting stderr to '/root/Steam/logs/stderr.txt'
[ 0%] Checking for available updates...
[----] Verifying installation...
Steam Console Client (c) Valve Corporation
-- type 'quit' to exit --
Loading Steam API...Created shared memory when not owner SteamController_Shared_mem
OK.

Connecting anonymously to Steam Public...Retrying. . .
Logged in OK
Waiting for license info...OK
Success! App '4020' already up to date.
Update state (0x5) validating, progress: 0,10 (3917465 / 3825027148)
Update state (0x5) validating, progress: 11,51 (440175719 / 3825027148)
Update state (0x5) validating, progress: 31,46 (1203454649 / 3825027148)
Update state (0x5) validating, progress: 53,04 (2028671076 / 3825027148)
Update state (0x5) validating, progress: 74,83 (2862222794 / 3825027148)
Update state (0x5) validating, progress: 96,65 (3696985986 / 3825027148)
Success! App '4020' fully installed.

But a connection to the VAC servers doesn't seem to work because of this error:
Could not establish connection to Steam servers. (Result = 3)
Could not establish connection to Steam servers. (Result = 3)
which makes absolutely no sense??

Can you access the HW firewall log?

Originally posted by Melody:

I guess you're talking about the OVH (Hosting Company) Firewall on your public IP.

The workaround I adopted on my server is to allow all incoming connections on the OVH firewall except known spammers/dossers and setup Windows Firewall in my Windows Server machine to disallow any incoming connections (including ICMP) and allow only the server's executable and steamcmd.

If I allow all traffic I won't need a firewall and how do you block "known spammers/ddosers" if you can only create 20 rules? 20 blocked IPs would not make a diffrence if you're under attack btw, we have a GAME Dedictaed Server so we also have OVHs Game Firewall but thats unimportant for my problem.

Originally posted by Keviro GamingMine.net:

Originally posted by Melody:

I guess you're talking about the OVH (Hosting Company) Firewall on your public IP.

The workaround I adopted on my server is to allow all incoming connections on the OVH firewall except known spammers/dossers and setup Windows Firewall in my Windows Server machine to disallow any incoming connections (including ICMP) and allow only the server's executable and steamcmd.

If I allow all traffic I won't need a firewall and how do you block "known spammers/ddosers" if you can only create 20 rules? 20 blocked IPs would not make a diffrence if you're under attack btw, we have a GAME Dedictaed Server so we also have OVHs Game Firewall but thats unimportant for my problem.

known spammers/ddossers -> OVH Firewall
"regular" firewall -> OS Firewall
Also, there are consolidation servers that avoid DDOS

Originally posted by Can you access the HW firewall log?:

No i can't access any logs, the only thing I can do is to add rules, remove rules and view some statistics about incoming and outgoing network traffic

Originally posted by Melody:

Originally posted by Keviro GamingMine.net:

If I allow all traffic I won't need a firewall and how do you block "known spammers/ddosers" if you can only create 20 rules? 20 blocked IPs would not make a diffrence if you're under attack btw, we have a GAME Dedictaed Server so we also have OVHs Game Firewall but thats unimportant for my problem.

known spammers/ddossers -> OVH Firewall
"regular" firewall -> OS Firewall
Also, there are consolidation servers that avoid DDOS

I really don't know what you mean ^^

Originally posted by Keviro GamingMine.net:

Originally posted by Melody:

known spammers/ddossers -> OVH Firewall
"regular" firewall -> OS Firewall
Also, there are consolidation servers that avoid DDOS

I really don't know what you mean ^^

OVH Firewall acts like a spam/ddos firewall, which won't help contain the network overload, but will preserve machine's CPU for a while, then the attack will be sent to consolidation structures.
My OS acts like a regular firewall, instead.

In a dedicated firewall, its easier to simply allow outgoing traffic and put manual attention into not installing crap on the actual work machine.

Originally posted by ReBoot:

In a dedicated firewall, its easier to simply allow outgoing traffic and put manual attention into not installing crap on the actual work machine.

Allow outgoing traffic? Then please tell me, which rule is missing for that ^^

Originally posted by Melody:

OVH Firewall acts like a spam/ddos firewall, which won't help contain the network overload, but will preserve machine's CPU for a while, then the attack will be sent to consolidation structures.
My OS acts like a regular firewall, instead.

So if I understood you correctly, I should just leave the firewall blank, because it does all alone? That would be a very nice idea if wanted to open any port on my server to be accesible from somewhere else. Even OVH writes in thier tips:

OVH Network Firewall settings: Ensure that only authorised and necessary ports are enabled on your server; don't miss any port or service so that disconnection due to incorrect settings is avoided. Use the Firewall Network interface on your OVH Control Panel or API.