Live PPS (last 15m)
Drag horizontally on the chart to select a region, then right-click to label it.
Mark as attack trains the detector that this shape = bad; Mark as real trains that this shape = normal player traffic;
Mark untrainable tells the baseliner to skip the region (use this for known weirdness you don't want learned either way).
Labels describe traffic patterns, not individual packets.
Drop reasons (window)
| reason | enforced | would-have |
|---|
Recent bans
| time | ip | port | reason |
|---|
Detected & labeled attacks
| id | started | ended | peak pps | dropped | source | verdict |
|---|
Connected players
0
| id | username | edition | ip | port | intent | proto | joined | bytes | pkts |
|---|
Players are tracked at the proxy. Bedrock sessions don't expose a username pre-encryption — they show as anon.
Backend targets
Each protected port can forward to its own
host:port. Leave a row blank to disable that port's listener.
XDP filtering still runs on the port even when no backend is set.
| frontend | proto | backend host:port |
|---|
Active bans
| ip | age | expires in |
|---|
Allowlist
IPs in this list bypass every BPF check (rate limit, handshake validation, unverified-SYN tracker).
| ip |
|---|
Detector weights
| feature | weight |
|---|
Threshold
Untrainable ranges
| start | end | note |
|---|
Legitimate ranges
| start | end | note |
|---|
Operating mode
Train and Dry-run never drop packets. Train also lets baselines update on real attacks unless you mark regions untrainable.
BPF tunables (live)
Auto-tuner overwrites SYN/UDP rate & burst every 5 minutes based on peaceful baselines.
Change password