Hi, thanks for the project — it’s been working really well for mitigating TCP-based attacks on Minecraft servers.
One feature that would be very useful in real-world setups is a whitelist. In practice, we often have trusted IPs or CIDR ranges (for example, protected relay nodes, WireGuard/GRE peers, or monitoring services) that should never be filtered, even when the XDP logic is actively dropping traffic during an attack. Being able to mark these sources so they always bypass the filter and immediately pass would help avoid false positives and connection issues during heavy SYN/PPS floods.
A simple IP/CIDR-based whitelist that’s checked before the main filtering logic would already cover most use cases. This would make the filter much easier to use in production environments.
Thanks again for the work on this project.
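The check requested above, as an added example that is not part of the original post or the project's code: a userspace C model of an IPv4 CIDR allowlist consulted before the main filter. All names (`classify`, `allowlist_match`, `struct cidr`) are hypothetical and the sample ranges are constructed; inside an XDP program the same lookup would typically be a `BPF_MAP_TYPE_LPM_TRIE` map keyed on the source address.

```c
#include <stddef.h>
#include <stdint.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { VERDICT_PASS, VERDICT_FILTER };

struct cidr { uint32_t net; uint8_t len; };   /* host byte order */

/* Constructed sample entries: relay range, monitoring host, tunnel peers. */
static const struct cidr allowlist[] = {
    { IP4(192, 0, 2, 0),    24 },
    { IP4(198, 51, 100, 7), 32 },
    { IP4(10, 8, 0, 0),     16 },
};

/* Shifting a 32-bit value by 32 is undefined in C, so /0 is special-cased. */
static uint32_t prefix_mask(uint8_t len)
{
    return len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
}

/* Reject /0 (it would exempt every source) and entries with host bits set. */
static int cidr_valid(const struct cidr *c)
{
    return c->len >= 1 && c->len <= 32 && (c->net & ~prefix_mask(c->len)) == 0;
}

/* Returns 1 if src falls inside any valid entry; invalid entries are skipped. */
int allowlist_match(const struct cidr *list, size_t n, uint32_t src)
{
    for (size_t i = 0; i < n; i++) {
        if (cidr_valid(&list[i]) &&
            (src & prefix_mask(list[i].len)) == list[i].net)
            return 1;
    }
    return 0;
}

/* Allowlist is checked first; everything else goes to the main filter. */
enum verdict classify(uint32_t src)
{
    size_t n = sizeof(allowlist) / sizeof(allowlist[0]);
    return allowlist_match(allowlist, n, src) ? VERDICT_PASS : VERDICT_FILTER;
}

int main(void)
{
    return classify(IP4(192, 0, 2, 55)) == VERDICT_PASS ? 0 : 1;
}
```

A match on source address alone also exempts packets that spoof an allowlisted address, so entries are best kept to narrow prefixes for peers whose traffic arrives over a path where spoofing is not possible.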