Your ISP doesn't offer a firewall by default? Then you could pair it up with a server-based firewall.
Between the first line of defense, the ISP blocking nearly all inbound traffic except 443, and then the whitelisting/blacklisting firewalls on the server for fine-grained control ... you should have most of it covered. The ISP firewall should be able to detect and block DDoS and other malicious attacks before they get to your server.
The thing is, unless I forward a given piece of traffic to my server, it gets blocked at the router anyhow.
I have zero control over what this "built in firewall" does, and so I don't need it. The last router obviously didn't have it -- because I only saw 80% of my traffic blocked after I enabled this feature on the new router.
My server has a professional, industry-standard software firewall, and it works well.
I might play around with it later. There were two settings, one for "firewall on/off" and one for "dos protection". I don't know which one was the culprit.
But this router is WAY better for looking at active connections, traffic, etc. I can get a list of IPs and what they're doing -- in real time. I feed that into a Python script (that I just wrote with the help of AI) and it tells me which blocks have more than 10 connections. It's great. I just have to copy/paste from a certain screen on the router interface, and it's almost automated after that. I might be able to streamline the process even more in the future.
This router isn't technically "pro", but it's only 1/2 step below it. It's the fanciest gamer/consumer router I've ever seen. And it wasn't cheap. $630. Never bought that much router before.
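The per-block connection count described in the post above, sketched as an added example; it is not the poster's script. The pasted line layout, the /24 block size and the RFC 1918 local ranges are assumptions, and the sample input is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of text pasted from a router's connection screen.
# The column layout is assumed; only the IPv4 addresses on each line are used.
SAMPLE_PASTE = "\n".join(
    ["Proto Source Destination State"]
    + [f"tcp 203.0.113.{h}:5{h:04d} 192.168.1.10:443 ESTABLISHED" for h in range(1, 13)]
    + [f"tcp 198.51.100.{h}:40000 192.168.1.10:443 TIME_WAIT" for h in (7, 8, 9)]
    + ["udp 192.168.1.23:5353 192.168.1.10:5353 ASSURED"]
)

# Dotted quad not embedded in a longer number; a trailing ":port" is allowed.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Assumed local ranges: LAN endpoints are not counted as remote peers.
LOCAL_NETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def busy_blocks(text, threshold=10, prefix=24, local_nets=LOCAL_NETS):
    """Return {block: connections} for remote blocks with more than `threshold` connections."""
    local = [ipaddress.ip_network(n) for n in local_nets]
    counts = Counter()
    for line in text.splitlines():
        blocks_on_line = set()
        for candidate in IPV4_RE.findall(line):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. 999.1.1.1 or a version string that looks like an IP
            if any(ip in net for net in local):
                continue
            blocks_on_line.add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        # One pasted line is one connection, so count each block once per line.
        counts.update(blocks_on_line)
    return {str(net): n for net, n in counts.most_common() if n > threshold}


if __name__ == "__main__":
    for block, n in busy_blocks(SAMPLE_PASTE).items():
        print(f"{block}\t{n} connections")
```

Blocks that cross the threshold are candidates to review against the server firewall's own logs before adding a block rule, since a shared NAT or CDN range can legitimately hold many connections.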