As the Celestia network grows, it attracts validators from various regions, some of which may have limited network security infrastructure or vulnerabilities to attacks like DDoS and network flooding. Currently, many validators rely on third-party security measures or basic firewall settings, which may not provide sufficient protection against malicious traffic as the network scales. To ensure the resilience and uptime of validator nodes, it is important to implement more robust, node-level security directly on the server infrastructure.
FireHOL, a lightweight and flexible firewall management tool, allows validators to efficiently handle IP blacklists, traffic filtering, and rate limiting, thereby safeguarding the node from malicious actors. FireHOL leverages iptables and ipsets to manage firewall rules dynamically, enabling validators to block known bad actors using public blocklists and mitigate DDoS attacks by rate-limiting traffic to critical ports. This approach offers a streamlined, low-maintenance solution for validators to enhance node security without relying solely on external protections.
Features to implement
- Traffic filtering and rate limiting to mitigate potential DDoS attacks.
- Dynamic IP blocking using blacklists (Emerging Threats).
- Flexible firewall rules that allow only necessary traffic for Celestia node operations.
We apologize for creating a PR before the discussion, which can be seen here #1759
Best
Geodd
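
The dynamic IP blocking described in the issue above depends on loading a third-party feed into an ipset, so the feed is untrusted input. The following is an added example, not code from this issue or the linked PR: it validates a feed and emits an `ipset restore` script that swaps the set atomically. `SET_NAME`, `MIN_PREFIX`, and the sample feed are assumptions made for the sketch.

```shell
# Added example: turn a blocklist feed (one IPv4 address or CIDR per line,
# "#" comments) into ipset restore commands. Names below are hypothetical.
SET_NAME="${SET_NAME:-blocklist_v4}"
MIN_PREFIX="${MIN_PREFIX:-8}"   # refuse anything broader than /8

# Constructed sample feed (documentation ranges plus entries that must fail).
sample_feed() {
cat <<'EOF'
# constructed sample feed
192.0.2.0/24
198.51.100.7   # single host
203.0.113.0/24
198.51.100.7
0.0.0.0/0
10.0.0.300
not-an-ip
EOF
}

# Reads a feed on stdin, writes ipset restore commands on stdout.
# Rejected lines go to stderr and never reach the set.
blocklist_to_ipset() {
    awk -v name="$SET_NAME" -v minp="$MIN_PREFIX" '
    function valid(entry,    parts, n, o, i, prefix) {
        n = split(entry, parts, "/")
        if (n > 2) return 0
        prefix = 32
        if (n == 2) {
            if (parts[2] !~ /^[0-9]+$/ || length(parts[2]) > 2) return 0
            prefix = parts[2] + 0
        }
        if (prefix < minp + 0 || prefix > 32) return 0   # too broad or malformed
        if (split(parts[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { tmp = name "_new"
            print "create " tmp " hash:net family inet"
            print "flush " tmp }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments, blanks, CR
    $0 == "" { next }
    !valid($0) { print "rejected: " $0 > "/dev/stderr"; next }
    !seen[$0]++ { print "add " tmp " " $0 }   # de-duplicate entries
    END { print "create " name " hash:net family inet"
          print "swap " tmp " " name         # live set is replaced in one step
          print "destroy " tmp }
    '
}
```

Feed the output to `ipset -exist restore` so that pre-existing sets do not abort the load, and reference the same set name from the firewall rule that drops matching sources.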