DDoS Protection
In our Los Angeles, Miami, Secaucus, Kansas City, and Johor locations, we offer basic DDoS protection that can tank most basic attacks. An attack may lead to a complete IP nullroute or complete service suspension depending on the size, frequency, and complexity. We will do our best to contact you if we notice that there is a problematic trend of DDoS toward your service, but this may not always be possible, especially in cases where DDoS is starting to impact our entire network. As of November 4th, 2025, we no longer have the ability to provision additional DDoS-Protected IPs with firewall manager in our Los Angeles, Miami, Kansas City, and Johor locations.DDoS Protection Add-on
Price and Availability
For services in Nuremberg, we include DDoS mitigation by Avoro/Dataforest at no additional charge (this may change in the future). Services protected by Avoro/Dataforest have access to similar filters as those that are protected by NeoProtect, and have access to configurable firewall filters.Filters
Filters are only available for servers in our Nuremberg, DE location. Currently, we provide the following filters (this may change in the future) for servers located in Nuremberg, DE:| Name | Protocol | Action | Filter | Tags |
|---|---|---|---|---|
| SCP: Secret Laboratory | UDP | FILTER | SCP: Secret Laboratory | Default |
| Arma | UDP | FILTER | Arma Reforger | Default |
| Palworld | UDP | FILTER | Palworld | Default |
| TeamSpeak 3 Query/Filetransfer | TCP | FILTER | TeamSpeak 3 Query/Filetransfer | Default |
| AltV UDP | UDP | FILTER | AltV UDP | Default |
| AltV TCP | TCP | FILTER | AltV TCP | Default |
| txAdmin | TCP | FILTER | txAdmin | Default |
| OpenVPN | UDP | FILTER | OpenVPN | Default |
| FiveM TCP Ultra Strict | TCP | FILTER | FiveM TCP Ultra Strict | Default |
| FiveM TCP Strict | TCP | FILTER | FiveM TCP Strict | Default |
| Plasmo Voice | UDP | FILTER | Plasmo Voice | Default |
| UDP Light Generic | UDP | FILTER | UDP Generic | Default |
| HTTP | TCP | FILTER | HTTP | Default |
| Minecraft Java | TCP | FILTER | Minecraft Java | Default |
| any TCP application | TCP | FILTER | Stateful TCP | Default |
| Source Engine / A2S | UDP | FILTER | Source Engine / A2S | Default |
| FiveM TCP | TCP | FILTER | FiveM TCP | Default |
| FiveM UDP | UDP | FILTER | FiveM UDP | Default |
| RakNet (Rust, MC Bedrock, Terraria, 7 Days to Die, …) | UDP | FILTER | RakNet (Rust, MCPE, Terraria, …) | Default |
| QUIC | UDP | FILTER | QUIC | Default |
| DayZ | UDP | FILTER | DayZ | Default |
| TLS | TCP | FILTER | TLS | Default |
| TeamSpeak 3 | UDP | FILTER | TeamSpeak 3 | Default |
| WireGuard | UDP | FILTER | WireGuard | Default |
| any UDP application | UDP | FILTER | UDP Generic | Default |
| Remote Desktop Protocol | TCP | FILTER | RDP | Default |
| FiveM UDP Strict | UDP | FILTER | FiveM UDP Strict | Default |
| SSH | TCP | FILTER | SSH2 | Default |
Configuration
For servers in our Nuremberg, DE location, you will have access to a tab within the VPS control panel called the DDoS Protection.
We recommend enabling “Allow Egress Traffic” and “Symmetric Filtering” if it is available in this tab.
Set the “Default Action” to Drop in order to block all traffic unless it matches a specific rule. This means that if you want to allow something (like a port or app), you must create a rule for it, otherwise, it will be blocked.
Make sure to create firewall rules for each of the applications that you are running on your VPS. For example, if you have SSH on port 22, make a firewall rule with: