Sometimes I create a game server with Internet access to it. This server has a little bug: one player’s lag causes the whole server to lag. Then I found that the laggy players have several IP ranges. I’ve tried to block those ranges:
Step 1: I’ve added a rule for the main server application that allows everything (TCP/UDP, In/Out, IP: Any, Port: Any)
Step 2: I’ve added a blocking rule for the first IP range (TCP/UDP, In/Out, IP: range 1, Port: Any)
Step 3: The same for the second IP range
And so on… (I’ve added about 7 IP ranges)
Then I started the server, played for some time and found that players with laggy IPs can easily connect to the server. And I can see them in Activity->Connections.
So what did I do wrong? And what should I do to block those laggy IPs?
Well, I’ve done some experiments. And the results are not good.
If I have two or more rules for one application with the same parents, only one will work (the rule that works is the one with fewer restrictions).
If I have two rules for one application - the first rule has a parent defined and the second rule has “Any parent” setting - only one rule works (which one will work depends on a parent application).
I hope that either I did something wrong or this bad thing will be fixed in the near future. I don’t want to throw away CPF.
Anyway, I think that the Security->Application Monitor settings look awful and uncomfortable.