How to Apply a Filter to an IP Address in the Firewall Panel
How to Apply a Filter to an IP Address
Applying a filter is one of the most common tasks in the Firewall Panel. Filters let you control which traffic is allowed or denied on specific IPs.
Steps to Apply a Filter
- Go to the Dashboard and click Manage IP Addresses.
- Select the IP you want to protect.
- Click Apply Protection (or View Filters to open the filter list).
- Click Apply Protection to open the protection dialog.
- Choose whether you want to apply a Profile Preset (one-click recommended rules) or add a Custom Filter.
How to Apply Profile Presets
Profile Presets automatically apply a set of recommended rules for a game, service, or scenario. Pick the preset and it will add the correct filter entries to your IP.
Available Profile Presets
Preset Name | Description |
|---|---|
Allow CloudFlare | Allows Cloudflare’s published IP ranges. |
ARK: Survival Evolved | Base protection for ARK game servers. |
Counter-Strike 2 | Base protection for CS2 game servers. |
Counter-Strike: Global Offensive | Base protection for CS:GO servers. |
DayZ | Base protection for DayZ servers. |
Garry’s Mod | Base protection for GMod servers. |
Minecraft: Bedrock | Base protection for Bedrock servers. |
Minecraft: Java | Base protection for Java edition servers. |
OpenVPN | Rules optimized for OpenVPN usage. |
WireGuard | Rules optimized for WireGuard usage. |
RedM | Base protection for RedM servers. |
Restrict CloudFlare | Restricts Cloudflare traffic across ports (tight allowance). |
Rust – A2S | Rust with Steam A2S query open. |
Rust – No A2S | Rust without A2S query. |
Whitelist CS2Browser.net | Whitelist CS2Browser to query your server. |
Whitelist GameTracker.com | Whitelist GameTracker to query your server. |
Whitelist GameTracker.rs | Whitelist GameTracker.RS to query your server. |
Once a preset is applied, you’ll see all generated rules in the Applied Filters list for that IP.
How to Apply Custom Filters
Custom Filters let you define exactly what to allow or deny by protocol, port (or range), and optional source IP.
- Select Filter — Pick the rule template from the dropdown.
- Protocol — Choose TCP, UDP, or ICMP (as required by your service).
- Use port range — Toggle on if you need consecutive ports.
- Port — Enter a single port or the first/last port when using a range. Use
0to target all ports for that protocol. - Source IP (optional) — Limit traffic to a specific source (e.g., your monitoring IP or reverse proxy). Leave empty to apply to all sources.
Available Protocols
- TCP
- UDP
- ICMP
Available Filters — Full List (with descriptions)
Category | Filter Name | Description |
|---|---|---|
General | Allow Traffic (Pass) | Allows traffic on the selected protocol/port(s). |
| Deny Traffic (Drop) | Silently drops traffic on the selected protocol/port(s). |
| Allow BattleMetrics | Whitelists BattleMetrics’ queries. |
| Any TCP application (beta) | Generic L7 protection for TCP apps. |
Cloudflare / Access Control | Cloudflare Only | Allows only Cloudflare egress IPs. |
| SynCookies | SYN cookie mitigation for TCP floods. |
Valve / Steam Ecosystem | Steam Query | Allows Steam A2S queries. |
| SteamNET | Rules for Steam Networking traffic. |
| Team Fortress 2 | TF2-specific rules. |
| CS 1.6 | Rules for CS 1.6. |
| CS 1.6 Alternative | Alternative profile for CS 1.6 setups. |
| CS:GO | Rules for CS:GO servers. |
Bohemia / DayZ | DayZ | Game rules for DayZ. |
| DayZ – Experimental | Variant for experimental DayZ branches. |
| DayZ Query | Query-specific allowances for DayZ. |
FiveM / RedM | FiveM | Base allowances for FiveM. |
| FiveM Experimental | Alternative ruleset for FiveM. |
| FiveM SynCookies | TCP SYN mitigation for FiveM. |
| FiveM SynProxy | TCP SYN proxy for FiveM. |
| FiveM TCP L7 (recommended) | L7 TCP filtering for FiveM. |
Survival / Crafting | ARK Survival Evolved | Main ARK rules. |
| ARK Survival Evolved Query | Enables ARK queries/listing. |
| ARK Survival Evolved RAW | RAW UDP handling for ARK. |
Minecraft | Minecraft – Java | Rules for Java edition. |
| Minecraft – Bedrock | Rules for Bedrock edition. |
Other Games | Garry’s Mod | Source engine rules for GMod. |
| Hurtworld | Rules for Hurtworld. |
| Palworld | Rules for Palworld. |
| SCP: Secret Laboratory | Rules for SCP:SL. |
| Squad Game | Rules for Squad. |
| Squad Beacon | Beacon/query component for Squad. |
| The Isle | Rules for The Isle. |
| Unturned | Rules for Unturned. |
| SA:MP | Rules for San Andreas Multiplayer. |
| Nova-life: Amboise | Rules for Nova-life: Amboise. |
RakNet Family | RakNet | Generic RakNet rules. |
| RakNet V2 | Updated rules for RakNet V2. |
| RakNet V2 – No A2S | RakNet V2 without A2S query. |
Voice & VPN | TeamSpeak 3 | Rules for TS3. |
| OpenVPN | VPN allowances for OpenVPN. |
| WireGuard | VPN allowances for WireGuard. |
Utility / Connectivity | UDP Holepunch (recommended) | Allows NAT traversal patterns (P2P/engine hole-punching). |
* Ports are defined by your service configuration. Always apply filters to the actual ports your service uses.
If you rely on server lists/queries, make sure the relevant *Query filter is also applied (e.g., Steam Query or DayZ Query).
* If you front your service with Cloudflare or a reverse proxy, pair the app/game filter with Cloudflare Only or a Source IP whitelist.
Once a filter is applied, it appears in Applied Filters for that IP.
How to Remove a Filter
- Open View Filters for the IP.
- Click Remove next to the rule you want to delete.
The rule is removed within couple of seconds.
Tips & Best Practices
- Start with the Profile Preset for your game/service, then add Custom Filters if you need special ports.
- Avoid
0(all ports) unless you have a strong reason; it widens exposure. - Use Source IP to safely allow monitoring, reverse proxies, or trusted admins.
- If connectivity breaks after applying rules, remove the last change and re-apply in smaller steps.
Updated on: 27/09/2025
Thank you!