DDoS Protection
DDoS mitigation has 2 modes
- Always-ON: traffic towards these IPs is always filtered, good for services that are very sensitive to an abrupt load of traffic, some traffic can be rate-limited.
- Sensor: the protection is inactive until an attack is detected and mitigation starts, DDoS Attacks are usually detected within 1-2 seconds.
You can change these modes from the control panel of your service(s).
Protected ports
| Protocol | Destination Port(s) | Filter type |
| TCP | 0 - 65535 | Generic TCP multi-purpose filtering |
| TCP | 25500 - 25599 | Minecraft TCP filtering |
| UDP | 1190 - 1999 | OpenVPN filtering |
| UDP | 9000 - 9999 | TeamSpeak3 filtering |
| UDP | 2302 - 2304 | DayZ filtering |
| UDP | 1190 - 1199 | OpenVPN UDP filtering (BETA) |
| UDP | 27000 - 27031 | Counter-Strike Source, Counter-Strike 1.6, Counter-Strike Global Offensive (GO) filtering, ARK: Survival Evolved, Valheim, Space Engineers, 7 Days to Die |
| UDP | 27032 - 27079 | Garry's Mod filtering |
| UDP | 8300 - 8399 | DDNet filtering |
| UDP | 28010 - 28020 | Rust filtering |
| UDP, TCP | 30100 - 30200 | FiveM and RedM filtering |
| UDP | 7785 - 7790 | SCP: Secret Laboratory (currently disabled) |
| UDP | 19100 - 19499 | Minecraft Bedrock filtering |
ICMP
Echo-Reply packets are rate-limited, we do not recommend the use of ICMP packets if you need a safe way to check the latency and/or the status of your service(s).
DNS
Incoming DNS replies are restricted to the most used and famous DNS servers, you can also use our recursive DNS caching servers 45.141.57.6, 45.141.57.8, traffic from other DNS resolvers can be allowed on request.
NTP
Incoming NTP replies are restricted to 162.159.200.123, 162.159.200.1 (time.cloudflare.com).
