alt Hacker NewsI'm currently working again on my ebpf firewall, where I'm integrating an active DDoS kind of analysis across the network, so that other backends using that firewall can synchronize their blocklists more efficiently and contribute their traffic data.
I want the firewall to be some kind of middleware(?) for Go backends, so you can plug it in and can stop worrying. At least that's the idea.
It's similar probably to what cloudflare's DDoS protection is built like, but I'm focusing on Go backends first (my own use case) and am trying to make this as decentralizable as possible.
Is gonna take a bit until I'm confident that this approach will work, but I highly recommend eBPF for blocking and traffic analysis. It's insane what you can offload to the NIC, even when it's only partial support and not fully supporting XDP. The blocks are just so much faster to do than in userspace.
Yes but how’s that going to help when the IPs you’re banning are mobile IP addresses? Bright Data claims to have over 7 million of them in their network. They aren’t in contiguous ASNs because they’re sourced from regular human users unknowingly running proxy endpoints on their mobile devices.
(I agree, eBPF is very cool. Once you dive into the Linux network internals you discover a bunch of shortcuts you can take to execute code on packets before they ever leave kernel space.)