# EIP Blocked Rules

EIP Blocked Rules are available in every region and are always active. When traffic to or from an EIP crosses a configured threshold, the rules trigger automatically — no DDoS Protection required. In regions without DDoS Protection, this is your primary inbound defense. In regions with DDoS Protection, it operates as a second layer after cleaning.

## How It Works

Each EIP is assigned a set of traffic thresholds. The system continuously monitors traffic metrics and compares them against these thresholds. When any threshold is exceeded, the system takes protective action:

* **Inbound threshold breach (BPS, PPS, or InCPS):** Traffic to the affected EIP is blackholed, dropping all inbound packets to prevent the attack from saturating your instance or impacting other tenants.
* **Outbound threshold breach (OutCPS):** Internet connectivity for the affected EIP is restricted at the network interface level, preventing a potentially compromised instance from participating in outbound attacks.

## Configurable Thresholds

Each EIP supports both system-default and custom thresholds. Custom thresholds allow you to fine-tune protection to match your specific workload characteristics.

To adjust thresholds for a specific EIP, navigate to the [Elastic IPv4](https://console.zenlayer.com/zec/elastic-ip) page, find the target EIP, click the **⋯** menu in the Actions column, and select **Change Block Threshold**.

Blocking actions are temporary and automatically expire after a configurable duration (default: 2 hours), after which traffic is re-evaluated.