Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode NEW
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud
Home/Tools/nftables Rule Generator

Free Tool

nftables DDoS Protection Rule Generator

Generate modern nftables rulesets for Linux DDoS protection. nftables replaces iptables with better performance, atomic rule updates, and a cleaner syntax.

Protections

SYN Flood Protection
Rate limit new TCP connections with meters
Limit:/sec per IP
UDP Flood Protection
Rate limit UDP traffic per source
Limit:/sec per IP
ICMP Limiting
Prevent ping floods and ICMP abuse
Limit:/sec
Connection Tracking
Drop invalid states, accept established
Global Rate Limiting
Overall new connection rate limit
Limit:/sec total
Blackhole Set
Named set for dynamically blocking IPs
Port Filtering
Only allow specific service ports
nftables-ddos.conf
Select your protections and click Generate Rules to create your nftables ruleset.
Warning: Always test nftables rules before applying to production. Use nft -c -f nftables.conf to check syntax without applying. Keep out-of-band access available. On systemd systems, rules persist via /etc/nftables.conf and systemctl enable nftables.

nftables vs iptables - Why Migrate?

Featureiptablesnftables
Atomic rule replacementNo (rule-by-rule)Yes (entire ruleset)
Performance at scaleLinear matchingOptimized set lookups
IPv4 + IPv6 unifiedSeparate commandsinet family handles both
Named sets/mapsRequires ipsetBuilt-in
Kernel APILegacy xtablesModern nf_tables
SyntaxFlat CLI flagsStructured, readable
Tracing/debuggingLimitedBuilt-in trace support
Distro default (2024+)Being deprecatedDefault in most distros

Protect your infrastructure with Flowtriq

Detect DDoS attacks in under 1 second. Classify attack types automatically. Get instant alerts.

Start your free trial →

Deployment Guide

Follow these steps to safely deploy your generated nftables rules on a production server.

1. Validate Syntax

Check for errors with nft -c -f rules.nft. The -c flag validates without applying.

2. Set a Safety Timeout

Schedule an automatic rollback: at now + 5 minutes <<< "nft flush ruleset". If you get locked out, rules flush automatically.

3. Apply Rules

Run nft -f rules.nft and test SSH immediately. Cancel the safety timeout once confirmed.

4. Persist Across Reboots

Save with cp rules.nft /etc/nftables.conf && systemctl enable nftables. On Debian/Ubuntu, the nftables service loads /etc/nftables.conf at boot automatically.

5. Monitor Rule Counters

Run nft list ruleset to see active rules and packet/byte counters confirming traffic is hitting your rules.

Export your results

FAQ

Frequently Asked Questions

What is nftables and how is it different from iptables?

nftables is the modern Linux firewall successor to iptables introduced in kernel 3.13. It uses a unified rule engine for IPv4, IPv6, ARP, and bridge filtering, supports sets for efficient multi-IP matching, and allows atomic rule updates. Most Linux distributions now default to nftables.

How do nftables rules stop a UDP flood?

Create a meter to rate-limit UDP: udp limit rate over 10000/second drop. Combined with an IP set for known attacker IPs and connection rate limits, nftables drops volumetric UDP floods at line rate with minimal CPU impact.

Should I use nftables or XDP for DDoS mitigation?

nftables operates in the netfilter layer with full conntrack — ideal for protocol-aware filtering. XDP runs before netfilter at the driver level for maximum throughput (100Gbps+ capable). For attacks over 1M PPS, XDP is significantly better. Use nftables for surgical filtering, XDP for volumetric defense.