Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 7 attack families with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications Hackathon Sponsorships
Research & Guides
Server Nerd Comic NEW Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Integrations/Proxmox VE
Proxmox VE 7+ LXC + KVM Bridge Monitoring

DDoS Detection for
Proxmox VE

Deploy ftagent on your Proxmox hypervisors for aggregate DDoS detection, or inside individual VMs and LXC containers for per-tenant monitoring. Full attack classification, auto-mitigation, and alerting for virtualized infrastructure.

Start free trial → Agent docs

Deployment Models

Three ways to deploy on Proxmox

On the Hypervisor

Install ftagent directly on the Proxmox VE host. It monitors the physical interface or bridge (vmbr0) and sees all traffic to every VM and container on that node.

  • Single agent covers all guests
  • Sees traffic before it reaches VMs
  • Bridge-level firewall rules
  • Lowest overhead per guest

Inside LXC Containers

Install ftagent inside a privileged LXC container for per-tenant DDoS monitoring. Each container gets its own detection baseline and independent mitigation rules.

  • Per-tenant isolation
  • Independent baselines per container
  • Tenant-specific firewall rules
  • Give tenants read-only dashboard access

Inside KVM VMs

Install ftagent inside any Linux KVM guest. The agent runs identically to a bare-metal install. Each VM gets its own Flowtriq node with full detection, PCAP, and mitigation capabilities.

  • Full feature set per VM
  • PCAP capture inside the guest
  • Independent from hypervisor
  • Works on any Linux guest OS

Setup

Install in three steps

1

Add a Node in Flowtriq

Create a node in your Flowtriq dashboard for each Proxmox host (or each VM/container you want to monitor individually). Copy the API key and node UUID.

2

Install ftagent

SSH into the Proxmox host (or guest) and run:
pip install ftagent && sudo ftagent --setup
Or use the Docker image for containerized deployment.

3

Detection starts immediately

The agent begins monitoring within 30 seconds. Traffic baselines build over 5 minutes. Attacks are detected, classified, and trigger your configured alert channels and mitigation policies.

Capabilities

What you get on Proxmox

Bridge-Level Visibility

When running on the hypervisor, ftagent monitors the Proxmox bridge interface. You see aggregate traffic across all VMs and containers on that node, catching DDoS attacks before they hit individual guests.

Auto-Mitigation

The full 4-level escalation chain works on Proxmox: kernel-level firewall rules, BGP FlowSpec, RTBH, and cloud scrubbing. Rules deploy on the host where ftagent runs and auto-withdraw when attacks end.

Per-Node Analytics

Each Proxmox host or guest with ftagent gets real-time traffic charts, protocol breakdown, incident history, and baseline tracking in the Flowtriq dashboard.

Cluster Coverage

Install ftagent on every node in your Proxmox cluster. Each node reports independently to the same Flowtriq workspace. You get cluster-wide visibility from a single dashboard.

Protect your Proxmox infrastructure

Real-time DDoS detection for hypervisors, VMs, and containers starting at $9.99/node/month.

Start your free trial → Read the guide → Talk to us →

FAQ

Frequently Asked Questions

Should I install ftagent on the Proxmox host or inside VMs?

It depends on what you need. Installing on the Proxmox host gives you aggregate visibility across all guests. Installing inside individual VMs or LXC containers gives you per-tenant detection and mitigation. Many operators do both for layered coverage.

Does ftagent work inside LXC containers on Proxmox?

Yes. ftagent runs on any Linux environment with /proc/net/dev. Privileged LXC containers work out of the box. For unprivileged containers, you need to map the required capabilities (NET_ADMIN for firewall rules, SYS_PTRACE for PCAP).

Can I monitor the Proxmox host bridge traffic?

Yes. When installed on the Proxmox host, ftagent reads traffic from the physical interface (e.g., vmbr0). This captures all traffic flowing through the bridge to your VMs and containers, giving you hypervisor-level DDoS visibility.

How does mitigation work on Proxmox?

ftagent deploys iptables/nftables rules on whatever host it runs on. On the Proxmox host, rules apply to the bridge and affect traffic to all guests. Inside a VM, rules apply only to that VM. The 4-level escalation (firewall, BGP FlowSpec, RTBH, cloud scrubbing) works identically.

Can I deploy ftagent across a Proxmox cluster?

Yes. Install ftagent on each Proxmox node in your cluster. Each node gets its own Flowtriq node in the dashboard. You see cluster-wide DDoS visibility from a single workspace with per-node detection and mitigation.

What about Proxmox Backup Server?

Proxmox Backup Server does not handle live traffic routing, so ftagent is not needed there. Focus on the Proxmox VE compute nodes where your VMs and containers run.