Currently, at Vibeshost, we primarily use Path.net for our services. However, we are in the process of implementing Gcore and developing a new custom management panel for filter control. Once this new panel is released, this guide will be updated accordingly.
For now, it’s only possible to manage ports on Path.net by requesting the activation of the management panel through a support ticket.
Path.net Dashboard Guides
We are working on a new version of the panel that will unify the APIS, this guide will become obsolete with the release of the new panel, but it will serve until now.
To manage your path.net filters and rules you will need to request to a operator using a ticket and sending your service IP, once the support team confirm you that the service is added to your account you will see the following on your customer area:
Click on manage and "Open Control Panel"
Once you login on the page, you will see a dashboard like this
To manage the rules, api's, filters and view the attacks check the other tabs
To create rules you need to go to the dashboard and select "Firewall Rules"
Select "Create rule" button or use a rule template, in some cases it allows you to open a multiple ports for a know function like a website or a steam game.
Once you're on the create rule screen you will see that:
Fast and easy explanation of each function
Source Type(s)
Allow you to select if you want to whitelist one source ip to a destination ip or if you want to allowlist / blacklist everything, or maybe a cloudflare ips
Source Type
Allows you to asign a network type or a ASN, it works fine if you want to allowlist/blacklist a entire ASN
Protocol
Allows you to select the protocol that you want to apply. (TCP/UDP/ICMP) etc...
Source
The source ip that you want to put (only if you want to allowlist or blacklist one external ip) for example to allowlist a cloudflare /24 range to your IP Address.
Destination
The VPS / Server IP Address.
Action
Whitelist -> Allows the traffic of the rule that you're doing.
Block -> Block / Drop rule.
Rate Limit -> Allow you to apply a ratelimit to the rule.
Comment
It works fine to identify the rules and why did you create this rule, we recommend to put the service in comments to identify the port.
This is a table with all the filters that are working on path.net and a little description of the function of this filter.
Source Engine Queries:
Layer 7 proxy for Source Engine queries. Can be enabled alongside RakNet or the HL2/Source filter.
RakNet Server (v2):
Layer 7 packet validation for RakNet game packets. Can be enabled with the Source Engine query filter.
TCP Service:
Stricter packet validation for incoming TCP packets to a listening port.
TCP Service (symmetric):
Full packet validation for incoming TCP connections. Requires that return traffic is routed through Path.
Minecraft Java Edition Server (symmetric):
Full packet validation for Minecraft Java Edition traffic. Requires that return traffic is routed through Path.
Half Life 2/Source Server:
Packet validation for Half Life 2/Source UDP traffic.
GTA V Multiplayer Server (beta):
Layer 7 packet validation for GTA V multiplayer traffic. Requires symmetric traffic routing.
DNS Server:
Layer 7 packet validation for DNS queries.
WireGuard Server:
Layer 7 packet validation for WireGuard VPN servers. Note: To avoid packet loss from fragmentation, it is recommended to adjust your MTU to 1360.
Arma 3 Server (beta):
Layer 7 packet validation for Arma 3 game servers. Currently, DayZ is not supported.
STUN Server:
Layer 7 packet validation for STUN servers.
SA-MP Server Queries:
Layer 7 proxy for SA-MP (San Andreas Multiplayer) server queries.
L4D2/CS:GO Source:
Layer 7 proxy for Source games using the L4D2 Source engine version. Includes Left 4 Dead, Left 4 Dead 2, Counter-Strike: Global Offensive, and Portal 2.
RakSAMP Filter:
Layer 7 validation for SA-MP game traffic.
QUIC Server:
Layer 7 packet validation for QUIC.
SIP Server:
Layer 7 packet validation for SIP.
DTLS Server:
Layer 7 packet validation for DTLS.
RTP Server:
Layer 7 packet validation for RTP.
Renegade X Server:
Layer 7 packet validation for Renegade X game traffic.
DayZ Server:
Layer 7 packet validation for DayZ game traffic.
Squad/Post Scriptum Server:
Layer 7 packet validation for Squad and Post Scriptum game traffic.
Quake 3 Server:
Layer 7 packet validation for Quake 3 game traffic.
ASE/Multi Theft Auto Queries:
Layer 7 proxy for ASE queries.
V Rising/ARK Server:
Layer 7 packet validation for V Rising and ARK: Survival Evolved game traffic.
LiteNetLib Server:
Layer 7 packet validation for games using LiteNetLib, such as 7 Days To Die.
Lineage II Server:
Layer 7 packet validation for Lineage II Interlude servers.
Steamworks Server:
Layer 7 packet validation for Steamworks game packets. Can be enabled with the Source Engine query filter.
FiveM Server Queries:
Layer 7 proxy for FiveM server queries.
Once your firewall is set up, you can apply application-specific filters to further enhance protection
Choose Your Service: Identify the service (e.g., OpenVPN, TeamSpeak, Minecraft, GTAV, Rust) that requires protection
Select the Appropriate Filter
For specific game servers or services, select the appropriate filter type. For instance, if you’re running an OpenVPN UDP Server, you would apply the Layer 7 packet validation filter for OpenVPN traffic.
If you’re running a TCP Service, you can choose the regular TCP Service filter or the “TCP Service (symmetric)” if return traffic must be routed back through Path’s network.
• Save Configuration: After selecting your filters, make sure to save your changes.
By default, Vibes Host provides a configuration that ensures a high level of security for your service. Be sure to open only the ports you actually need, and remember to apply filters for proper protection.
