Cloudflare protection for FiveM

I have seen the old Post from 2018 on the topic, however I just wanted to get this discussed a bit deeper. The main problem I am obviously trying to get solved is that some guys start DDOSing the server due to whatever reason.

Cloudflare actually only protects Web Traffic or Web related, so running on UDP Port 30120 is not part of the Cloudflare Program. Yes, I checked “Spectrum” and that sems to only handle TCP related traffic.

So to mitigate at least some of the attack traffic (mostly Kids triggering some cheep bots) I thought it would be better to drive all traffic via Cloudflare with the exception of UDP 30120.

This is what I did.

In theory, if I got it right, all players need to connect to (in my case) fivem.latenight.coud and this should work.

Everything else hitting other ports should die somewhere in the Cloudflare network.

Is that correct or am I missing something?

Any other ideas I did not think of in terms of getting rid of the kids?

2 Likes will resolve to an ip address at cloudflare so any port you’re trying to reach will be at cloudflare, however everyone can still do nslookup -q=SRV and get to your real server.

Non-authoritative answer: service = 1 1 30120

Authoritative answers can be found from: nameserver = nameserver = internet address = internet address = internet address = has AAAA address 2a06:98c1:50::ac40:213f has AAAA address 2606:4700:58::adf5:3b3f has AAAA address 2803:f800:50::6ca2:c13f internet address = internet address = internet address = has AAAA address 2803:f800:50::6ca2:c076 has AAAA address 2a06:98c1:50::ac40:2076 has AAAA address 2606:4700:50::adf5:3a76

I do not see my IP adress listed?

1 Like

Do a regular A nslookup to the hostname you got in the SRV answer (the

Ah, yes, of course.

So what do I do now to get rid of the kids?

1 Like

Just use a host that has DDoS protection lol

1 Like

Well I guess it ended up being a combo. Cloudflare to obscure for the real dumb kids and a new hoster for the heavy guys.

But I guess the real heavy guys will not be held up by that.

And it was quite an adventure to find a hoster that was affordable with some DDOS protection worth calling that. There are too many out there saying they do and they can without being able to.

1 Like

OVH for high end DDoS protection.

Linux for IP tables.

or alternatively proxy your windows connection through a server running ip tables etc.

OVH Anti-DDoS actually dont work for me :smiley: I still got ddos and no one could be able to join the server…


I tried the OVH as well and the guys that were gunning down my server got enough traffic going to make the DDOS protection look really old.

I noticed that Cloudflare and other BigGuys where using appliances from Arbor. So yes, in the end you will be paying a bit more that if you are getting the 15 bucks chepo server, if you find a Hoster offering Arbor appliances as well.

I found these guys:

You can start with a regular traffic server, but if the guys DDOSing you exceed 750 GBit of attack traffic then you can get a Server there with unlimited protection.

Yes of course unlimited is not from here to the moon and back, but it is the package where they will throw all the incomming traffic at al their appliances and networks.

So you need to piss of some real good guy and not just some wannabe with a DDOS pannel bought for 50 Dollars in the Darknet.

Oh and one last comment wo “Windows” mentioned above. I have given up on windows a long long time ago. You need to get machine with close to double the CPU just to keep Windows happy. Why would anyone do that.

I use iptables to still catch broken packets as well as do some connection tracking.

So, hiding with CloudFlare, FiveM on Linux with some basic iptables stuff and a good hoster is the way it works for me right now without any complaints!


Ovh for me is not im using ovh now but still one month they only say is the fivem server is the problem