need help on ddos protection

Hello i need help
i run vpn on Softethervpn
and i set ip tables to block everything but some attack not effect the server its only bypass to the vpn server and i use ovh game server is there any advice to block all traffic its bypass my vpn server

second
i wan ddos protection to stop botnet or L7 on my ovh game i host my site on it but its with L7 down
is there any advice ?

Experiencing a DDoS on one of my GCP instances. What can I do?

I have a single instance running on GCP which right now’s suffering from a load-based DDoS. It’s a Debian-based instance proxying the traffic internally to a Geneweb daemon running on the same machine.

I recognized the server only answering with 503 Service Unavailable. Which I assume is Apache still responding while the daemon just can’t handle the load.

GCP’s Monitoring shows the instance spike. GCP Monitoring

tailf error.log shows incoming traffic. Screenshot Console

The instance is not load-balanced and has just default firewall rules. I’m rather inexperienced in advanced network administration, which is needed here.

Any hints? Recommendations?

Why is GRE tunneling is needed when having a BGP based solution against DDoS?

I understand that GRE tunneling is very handy when sending the data back to the client after scrubbing because it’s designed to ensure that the data is sent reliably by initiating a private point-to-point connection. My question is, why is this needed? Why can’t the data be sent ‘normally’, via the internet? Will data get lost if sent via the normal way? Is it to be sure that the data isn’t intercepted over the internet?