What This Integration Does
If you run game servers on Pterodactyl Panel, you already know that DDoS attacks are the most common operational headache. A single angry player can take down an entire Wings node, dragging every server on that machine offline with it.
Until now, protecting a Pterodactyl environment with Flowtriq meant installing the agent on each Wings node and manually configuring service ports so the agent knew which ports belonged to legitimate game traffic. That worked, but it was extra setup work, and it had to be repeated every time you added, removed, or changed a game server.
The Flowtriq for Pterodactyl addon eliminates that manual step entirely. When a server is created, updated, or deleted in Pterodactyl, the addon automatically syncs the port allocations and protocol information to Flowtriq. The agent picks up the new configuration and immediately starts monitoring those ports with the correct protocol classification.
Here is the flow:
Player creates a Minecraft server in Pterodactyl
|
v
Addon detects the new allocation (port 25565, TCP)
|
v
Syncs port + protocol to Flowtriq via API
|
v
ftagent on the Wings node picks up the new config
|
v
Traffic to port 25565 is now monitored as "service" traffic
|
v
Attack traffic to any other port triggers detection + blocking
The whole process happens without anyone touching a config file or logging into the Flowtriq dashboard.
Why This Matters for Game Server Hosts
Game hosting operators using Pterodactyl typically manage dozens or hundreds of game servers across multiple Wings nodes. Each server runs a different game with different port requirements and protocols. Minecraft Java uses TCP on port 25565. Rust uses UDP on 28015. FiveM uses both TCP and UDP on 30120. Valheim needs three UDP ports per server.
Keeping track of all those ports manually is tedious and error-prone. Worse, when a customer orders a new server or changes their allocation, the DDoS protection configuration has to be updated too. Without that update, the agent does not know which traffic is legitimate game traffic and which traffic is potentially malicious.
The Pterodactyl addon solves this by keeping Flowtriq's service port registry in sync with Pterodactyl's allocation table. The addon knows that a server running the "Minecraft Java" egg should be classified as TCP traffic. A server running the "Rust" egg gets classified as UDP. It ships with protocol mappings for over 20 games out of the box:
Game Protocol Game Protocol ----------------------------------------------------- Minecraft (Java) TCP Rust UDP Minecraft Bedrock UDP ARK UDP FiveM / RedM Both CS2 / CSGO Both Garry's Mod UDP Valheim UDP Terraria TCP Palworld UDP TeamSpeak UDP Squad UDP
Games not in the built-in list default to monitoring both TCP and UDP. You can extend the protocol map in the addon's config file for any custom eggs your panel uses.
Two Deployment Modes
The addon supports two deployment architectures depending on how your infrastructure is set up.
Per-Wings mode (recommended)
Install one ftagent per Wings node. Each Wings node maps to its own Flowtriq node. The addon syncs each server's ports to the correct Flowtriq node based on which Wings node hosts it. This gives you per-node detection, per-node firewall rules, and per-node incident history.
This is the recommended mode because it keeps detection local to each node. An attack on Wings node A triggers mitigation on node A without affecting node B. If a node goes down, the others continue monitoring independently.
Central mode
Run a single ftagent on the Panel server and aggregate all ports from all Wings nodes into one Flowtriq node. This is simpler to set up but gives you less granular visibility. It works well for small deployments with two or three Wings nodes where running a separate agent on each is unnecessary overhead.
Installation
The addon installs directly into your Pterodactyl Panel instance. You need a Flowtriq account and the ftagent already running on your Wings node(s).
Step 1: Install the addon
cd /var/www/pterodactyl unzip flowtriq-pterodactyl-v1.0.0.zip -d . composer require flowtriq/pterodactyl-addon php artisan migrate php artisan flowtriq:install
The flowtriq:install command runs an interactive wizard that prompts for your Flowtriq API URL and deploy token. You can find the deploy token in Flowtriq > Settings > API.
Step 2: Configure the deployment mode
Set your preferred mode in .env:
FLOWTRIQ_API_URL=https://flowtriq.com FLOWTRIQ_DEPLOY_TOKEN=your-deploy-token FLOWTRIQ_MODE=per_wings
Or configure everything from the Pterodactyl admin panel under Admin > Flowtriq. The admin UI lets you set API credentials, choose deployment mode, and map individual Wings nodes to their corresponding Flowtriq nodes.
Step 3: Initial sync
After installation, run a one-time sync to push all existing server allocations to Flowtriq:
php artisan flowtriq:sync
This command iterates through every active server in your panel, collects its port allocations and egg name, determines the protocol, and pushes the full service port list to each mapped Flowtriq node. Depending on how many servers you have, this takes a few seconds.
Step 4: Verify
Check that the connection is working:
php artisan flowtriq:status Flowtriq Connection Status --------------------------- API URL: https://flowtriq.com Auth: OK (deploy token valid) Mode: per_wings Wings Nodes: wings-us-01 -> flowtriq node a1b2c3d4 [OK, 47 service ports synced] wings-eu-01 -> flowtriq node e5f6g7h8 [OK, 31 service ports synced] System ports (always protected): 8080/tcp Wings daemon 2022/tcp SFTP
The addon automatically safelists Wings management ports (8080 for the daemon API, 2022 for SFTP) so they are always treated as legitimate service traffic, regardless of what game servers are running on the node.
What Happens After Setup
Once the addon is installed and the initial sync is complete, everything is automatic:
- Server created: A customer creates a Minecraft server through the Pterodactyl panel. The addon detects the new allocation, identifies it as TCP (from the Minecraft egg), and syncs the port to Flowtriq. The ftagent on the Wings node picks up the updated config within minutes.
- Server deleted: A customer cancels their server. The addon removes the port from Flowtriq's service port list. Traffic to that port is no longer classified as service traffic.
- Port changed: An admin reassigns a server to a different allocation. The addon updates Flowtriq with the new port automatically.
- Attack detected: A UDP flood targets port 28015 on one of your Wings nodes. The ftagent detects the anomaly, classifies the attack vector, and deploys iptables rules to drop the attack traffic. The addon polls Flowtriq for active incidents and displays the attack status in the Pterodactyl panel so both operators and server owners can see what is happening.
Server Owner Visibility
One of the most requested features from game hosting operators is a way to show customers that their server is protected. The Pterodactyl addon adds a DDoS status view to the server owner's panel that shows:
- Whether protection is active on their server's node
- Any active incidents affecting their server
- Recent attack history with timestamps and classification
This visibility reduces support tickets during attacks. Instead of a customer opening a ticket saying "my server is lagging," they can see in their panel that a DDoS attack was detected, the attack type, and that mitigation is active. It turns a frustrating experience into a transparent one.
How Detection and Mitigation Work
The ftagent on each Wings node reads kernel-level network counters every second. It builds a rolling baseline of normal traffic for the node and flags deviations that cross the threshold. For Pterodactyl environments specifically, this baseline adapts to the bursty nature of game traffic, such as wipe days in Rust, new map releases in Minecraft, or peak hours when every server on the node has active players.
When an attack is detected, the agent can:
- Deploy iptables/nftables rules in the
DOCKER-USERchain (the correct chain for Docker container traffic, which Pterodactyl uses) - Send alerts to Discord, Slack, PagerDuty, or any webhook endpoint
- Capture PCAP data for forensic analysis and abuse reporting
- Trigger upstream scrubbing via BGP FlowSpec or Cloudflare Magic Transit
The DOCKER-USER chain detail is critical for Pterodactyl. Standard iptables INPUT rules do not apply to traffic routed to Docker containers. The agent applies rules in the correct chain automatically, so firewall rules actually work for container-based game servers.
For a deep dive into Docker firewall rules and Pterodactyl-specific hardening, see our Pterodactyl Panel DDoS Protection Guide.
Compatibility
The addon works with:
- Pterodactyl Panel 1.11+ (Laravel 10 and 11)
- PHP 8.1+
- Any Linux distribution supported by the ftagent (Ubuntu, Debian, CentOS, Rocky, Alma, Fedora)
- Any Wings node running Docker with the default bridge network
If you are running a Pterodactyl fork like Pelican, the addon should work since it hooks into standard Laravel events and Eloquent observers. We have not officially tested every fork, but the underlying architecture is compatible.
Getting Started
The addon is available now. To get set up:
- Sign up for a Flowtriq account if you do not have one (14-day free trial, no credit card required)
- Install the ftagent on your Wings nodes (
pip install ftagent && sudo ftagent --setup) - Install the Pterodactyl addon and run
php artisan flowtriq:install - Run
php artisan flowtriq:syncto push your existing allocations
The entire process takes about 10 minutes per Wings node. After that, every game server your panel creates is automatically protected.
Start your free 14-day trial. Flowtriq gives you real-time DDoS detection across all your Pterodactyl Wings nodes with automatic port sync, game-aware baselines, and on-node firewall rules. No credit card required. Sign up here and have your first node protected in under 10 minutes.