We Put an L7 Firewall in the Kernel

·Hacker News··

Application-layer firewall decisions at XDP, before a socket buffer exists. We built a firewall that decides on HTTP/2 headers in the kernel with eBPF and lets you write the policy as a JavaScript app. The decision lands in the nanoseconds, changing a rule takes no rebuild or restart, and it's already running in front of real enterprise traffic. Here's how it works.

Read full article →

Related Articles

Claude Code sends 33k tokens before reading the prompt; OpenCode sends 7k
systima · Hacker News · 19h ago
Leak of San Francisco Police Drone Footage Exposes Reality of Urban Surveillance
nozzlegear · Hacker News · 2h ago
Since Chromium 148, Math.tanh is now fingerprintable to link underlying OS
joahnn_s · Hacker News · 17h ago
Irish datacenters now guzzle 23% of the country's electricity
Bender · Hacker News · 18h ago
Old and new apps, via modern coding agents
subset · Hacker News · 1d ago