[Firewall] Securing your TeamSpeak 3 server - from a DevOps perspective

Derp

Derp

Retired Staff
Contributor
Apr 30, 2015
933
1,014
217
bl4uni said:
I think the guest group would also have ban bypass permission, just the "Banned" group wouldn't have. So nobody would be banned by default. Still, pretty much work just for a working ban system, easier to ban ipranges and if someone comes back just ban him again. Nobody will try 100 VPNS just to be annoying and in the end you would have every VPN banned.
Click to expand...

IPRanges is not suggested. Especially if you run a huge community. You don't want innocent people getting banned, do you?
 
U

User_418

why-am-i-even-here said:
I don't really see any use in that. If I understand correctly, every client would be banned by default and would have to be unbanned manually. However, you cannot easily do that as the client ID of these "auto-banned" clients is not logged in a way the bot could see them AFAIK. This also makes for a pretty poor UX: trying to join a server, being banned "instantly" and having to retry joining?
Correct me, if I misunderstood you.

Of course everyone can adapt our system as to how it might fit their use case in the best way. This is what serves us best so far. :)
Click to expand...

I meant to use your system with "automatically assign a specific group to all identities connecting from that IP address" where specific group is the only group without Ignore Bans permission.
 
Last edited by a moderator:
bl4uni

bl4uni

Active Member
Sep 10, 2015
106
69
73
Derp said:
IPRanges is not suggested. Especially if you run a huge community. You don't want innocent people getting banned, do you?
Click to expand...
Okay, maybe this is just me but if I was running a huge community I wouldn't really care about one or two false-positives. And if you're just running a normal server the chance of two people using the same isp and getting exactly the same x.x.x.0/8 ip would be pretty low.
 
TiREX

TiREX

Member
May 7, 2015
15
2
38
Hi, how to reverse connection to default teamspeak port (9987)?

I think to:
1. Create main server for DNS automatic redirect for LAX server.
2. Create Einstein server.
3. Create LAX server.
4. Configure my domain to DNS server.

or

1. Create Einstein server.
2. Create LAX server.
3. Configure redirect to LAX server.
4. Create on LAX server emulator of teamspeak3 server (udp server) and throw connection to einstein.
 
Last edited:
MrErne

MrErne

Member
Sep 14, 2015
7
4
38
Could you make an exmaple of the configuration of Lax server (Iptable or Proxy pass) ?
And for cloudfare record and Einstein ?

Thank you very much for the post, you give me lot of idea :)
 
You must log in or register to reply here.
Top