What are the base elements to do for a working and secure FreeBSD system to run Metin2 server?

[Arvydas 0]

Hello,

I would like to know what to do on a FreeBSD to make it 100% compatible with Metin2 and to be secure.
I know MySQL server is needed for the database. What else? And how to make the system secure against attacks and exploits? (DDoS protection is provided)

[Shogun 4483]

There's no single "Metin2" set of files but generally speaking you'd need to install 32 bit compatibility libraries.

As for system security:

Create a non-root user. Put your game in his home directory. Add him to the wheel group. Create ssh keys for him.

Disable Permit Root Login, Password Authentication, Challenge-Response Authentication, PAM in /etc/ssh/sshd_config so you can only login with this ssh-key. You can always use IPMI/KVM/etc on an emergency. Change the SSH port to some random high number between 32000 and 65000. Restart sshd_config.

Do not bind mysql server to a public IP and if you have to, use an IP whitelist in PF or in a hardware firewall like OVH's. If you use Navicat and such, use SSH authentication. Do not leave port 3306 open to public.

Do not bind db to a public IP, and if you have to, whitelist the necessary IPs.

Install pf and set it up to accept only the necessary ports. If you have less than 15 ports that need opening, you can use the OVH firewall if you are in OVH.

There's hundreds of exploits working on the original leaked source. Get some good files like martysama's.

As for DDoS protection: use Cloudflare. Use origin pulls. Whitelist Cloudflare IPs. Set rate limits on NGINX. Set timeouts. Cache database accesses such as "Top Players" to not directly execute expensive database queries which are easy targets for DDoS.

I could go on, but the only good answer here is, if you're serious about doing something, get someone who knows his stuff.