Block an incoming port on a subdomain coming from DNS server

I have a server, with a combined apache website and sql gaming server on same server.  I have the domain being routed to a different nameserver/proxy with ddos protection, and made a seperate subdomain there that goes directly to the game server because it is game traffic and cannot use the services.  Everything works fine, but I want to block the incoming subdomain from accessing anything but the game server port on the destination server.  

Question: On the game server firewall, how can I only allow the incoming subdomain traffic to use a specific port, and block all other ports?  I don't want it to impact the website traffic using the domain name and ports 80/443
icecom4Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
First port blocking will only be useful, if there's something actually listening on a port.

If someone scans ports all day... no real effect... The problem occurs when there's a listener for a Bot or Hacker to attack.

Easy solution, just run Apache on your subdomain + have no concern about other ports.

Now... Likely you run SSH or SFTP or IMAP or something else on this subdomain, so what you'll use is Fail2Ban.

Fail2Ban - unsung hero of the entire Net - runs where ever machines have smart admin's behind the scenes.

With Fail2Ban, you'll create simple recipes looking for nefarious behavior... Here's an example, which will likely be installed be default when you install Fail2Ban.

1) Watch /var/log/auth.log (or secure or wherever your Distro logs login pass/fail info)

2) Count the login fails.

3) If login fails for a time period are exceeded (say 5 bad logins over a 0-30 minutes occurs) then...

4) Run iptables to block the attacking IP for an hour.

5) After an hour drop the block.

This provides a completely unattended mechanism to block/unblock attackers, so you'll never muck about with iptables rules yourself.

In fact, if you're bored sometime, watch your /var/log/fail2ban.log file + I guarantee you will be surprised by how frequently Fail2Ban blocks attacks.
0
icecom4Author Commented:
My goal was to prevent users from using the subdomain to accessd the website as non SSL, and only allow the 1 game port if using the subdomain.

However, since you brought this up.  I use windows and currently have a combo of SEP firewall and another tool Cyberarms that monitors failed login attempts.  I see there is a windows port for Fail2ban called "wail2ban" which I am interested in.  However, how does the firewall integration work on such scripts?  Are they trying to modify the OS firewall?  I wonder if SEP will allow it since it manages the firewall.
0
icecom4Author Commented:
There is no effective way to do this, however I made a work around, the subdomain uses http so I put a java script in landing page redirecting http (not https) to an error page.  This means domain loads page, subdomain gets error.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.