I appreciate the tip but as a privacy minded self-hoster I try to avoid companies like cloudflare. Surely there has to be a way to diy DDoS protection?
@brownmustardminion pfsense + incoming geo IP control (allow only from certain regions)
I imagine that’s essentially what I’ve accomplished with Traefik already. The question I have is if Geoblocking does much to mitigate a DDoS. I know for sure it’s at least useful to block third world scammers and bots from running hacking scripts against my server.
@brownmustardminion DDoS usually involves attacks from multiple geographical locations simultaneously. You will eliminate a large threat surface by restricting which countries are allowed for incoming. Of course this won't prevent targeted attacks from hackers who know you and want revenge and can setup bots in a single location but these are rare. Most attempts are by script kiddies.