FastNetMon Advanced offers a complete, production-ready integration with GCore Global DDoS protection service.
Please check that your version of FastNetMon is 2.0.373 or newer.
To use this capability, please create an API access key in your portal this way:
How FastNetMon scrubbing centre diversion work?
When FastNetMon detects an attack against an IP address, it determines /24 prefix for IP which is under attack and then announces it to the scrubbing centre. When a ban time expires, FastNetMon removes the announce from the scrubbing centre using their API.
Then use fcli to specify API key:
sudo fcli set plugin scrubbing_services_integration provider_name gcore sudo fcli set plugin scrubbing_services_integration gcore_api_token very-secure-code sudo fcli set plugin scrubbing_services_integration log_path /var/log/fastnetmon/fastnetmon_scrubbing_services_integration.log
And enable callback logic on FastNetMon:
sudo fcli set main notify_script_enabled enable sudo fcli set main notify_script_format json sudo fcli set main notify_script_path /opt/fastnetmon/libraries/scrubbing_services_integration_plugin/scrubbing_services_integration sudo fcli commit
After this, we recommend manually blocking some IP addresses from the test prefix and checking that it works as expected.
You can do it in the following way:
sudo fcli set blackhole 1.2.3.4
To unblock, list all blocked hosts with their UUIDs:
sudo fcli show blackhole
And unblock:
sudo fcli delete blackhole <uuid>
Integration logic has very detailed logging, and you can find the log file here: /var/log/fastnetmon/fastnetmon_scrubbing_services_integration.log