Distributed Denial-of-Service (DDoS) attacks are a type of cyber-attack in which bad actors overwhelm servers, routers, load balancers, or applications with incoming connections to render them inaccessible.
DDoS attacks effectively compromise the target server, service, or network to crash it or make it unavailable.
A reflection amplification attack is a type of DDoS attack where attackers magnify the amount of traffic generated in order to overwhelm the target and disrupt or shut down systems and services.
We restrict some Droplet network traffic to help protect them against malicious actions, like reflected DDoS attacks. We know these current restrictions also prevent functionality like configuring direct server return and using Droplets as routers and site-to-site VPN gateways. Future changes to our network will support this functionality. Until then, you can work around this limitation by using a VPN mesh network or overlay network.