Back to Blog

Two New Integrations

Starting today, Flowtriq supports two new integrations: CrowdSec for collaborative threat intelligence and Linode/Akamai cloud firewall lockdown for automated perimeter blocking. Both are available on all plans and can be enabled from Dashboard > Integrations.

CrowdSec joins the existing integrations page alongside iptables, AbuseIPDB, and generic webhook. Linode joins the cloud scrubbing and firewall providers alongside Cloudflare, OVH, Hetzner, Vultr, DigitalOcean, AWS, Google Cloud, and Azure. That brings the total to 9 supported scrubbing and firewall providers.

CrowdSec: Collaborative Threat Intelligence

CrowdSec is an open-source security platform that maintains a real-time blocklist of malicious IPs, shared across all participants. It works on a simple model: security agents (called bouncers) read ban decisions from a local API (LAPI) and enforce them at the firewall, reverse proxy, or application layer.

Flowtriq now pushes attacker IPs as ban decisions directly to your CrowdSec LAPI instance. When a DDoS incident resolves and the attacker IPs are confirmed, Flowtriq sends each IP as a ban decision with the attack scenario, origin metadata, and a configurable ban duration.

This means every CrowdSec bouncer in your infrastructure, whether it is running on your nginx reverse proxy, your iptables firewall, or your Kubernetes ingress, immediately starts blocking those IPs. No manual intervention, no copy-pasting IP lists.

What gets sent to CrowdSec

  • Each attacker IP is pushed as an individual ban decision
  • The decision includes the attack type (e.g., "flowtriq/udp-flood") as the scenario
  • Ban duration is configurable per integration: 1 hour, 4 hours, 12 hours, 24 hours, 3 days, or 7 days
  • Decisions fire on incident resolution, not during the attack, so only confirmed attacker IPs are banned

How to set up CrowdSec

  1. Install CrowdSec on your infrastructure if you have not already. The LAPI needs to be reachable from Flowtriq's servers (a public endpoint or VPN).
  2. Generate a bouncer API key: 
    sudo cscli bouncers add flowtriq
  3. In the Flowtriq dashboard, go to Integrations and click Add Integration.
  4. Select CrowdSec, enter your LAPI URL (e.g., https://crowdsec.example.com:8080) and the bouncer API key.
  5. Set your preferred ban duration and save.

The next time an incident resolves on any of your nodes, attacker IPs will be pushed to CrowdSec automatically.

Linode/Akamai Cloud Firewall Lockdown

Linode (now part of Akamai) provides cloud firewalls that sit in front of your Linode instances. Flowtriq can now automatically add DROP rules to your Linode cloud firewall during an active DDoS attack, blocking attacker IPs at the network edge before traffic reaches your server.

This works differently from the CrowdSec integration. Cloud firewall lockdown fires during the attack (not after resolution) because the goal is to reduce traffic hitting the node while the attack is ongoing. When the incident resolves, the rules are automatically cleaned up.

How to set up Linode cloud firewall

  1. Generate a Linode API token with read/write access to Firewalls at cloud.linode.com/profile/tokens.
  2. Create a cloud firewall in the Linode dashboard and attach it to your Linode instances (or use an existing one).
  3. In the Flowtriq dashboard, go to Integrations and click Add Integration.
  4. Select Linode Cloud Firewall, paste your API token, and select the firewall to manage.
  5. Save the integration.

During an attack, Flowtriq adds inbound DROP rules for attacker IPs to the selected Linode firewall. The rules are tagged so Flowtriq can identify and remove them when the incident ends.

Full List of Supported Providers

With these additions, Flowtriq now supports 9 cloud scrubbing and firewall providers for automated mitigation:

  • Cloudflare (Magic Transit / IP Access Rules)
  • OVH (Game DDoS Protection / IP Firewall)
  • Hetzner (Firewall API)
  • Vultr (Firewall Groups)
  • DigitalOcean (Cloud Firewalls)
  • AWS (Security Groups / Network ACLs)
  • Google Cloud (VPC Firewall Rules)
  • Azure (Network Security Groups)
  • Linode/Akamai (Cloud Firewalls) -- new

On the integrations side, the full list is now:

  • iptables -- auto-generate DROP rules pushed to the agent
  • AbuseIPDB -- report attacker IPs to the global threat intel database
  • CrowdSec -- push ban decisions to your CrowdSec LAPI -- new
  • Generic Webhook -- send signed JSON payloads to any HTTP endpoint

All integrations are included on every plan. There is no add-on fee. Configure them from Dashboard > Integrations or read the full setup docs at /docs?section=integrations.

Back to Blog

Related Articles

Integrations

PagerDuty escalation policies for DDoS incidents

How to set up severity-based escalation in Flowtriq and PagerDuty.
Mitigations

4-level auto-escalation: from local firewall to cloud scrubbing

The auto-escalation chain from iptables to BGP FlowSpec to cloud scrubbing.
Integrations

Integrating DDoS detection with Grafana, Prometheus, and Datadog

Pipe detection data into your existing monitoring stack.