// the find
gamemann/XDP-Firewall
A firewall that utilizes the Linux kernel's XDP hook. The XDP hook allows for very fast network processing on Linux systems. This is great for dropping malicious traffic from a (D)DoS attack. IPv6 is supported with this firewall! I hope this helps network engineers/programmers interested in utilizing XDP!
An eBPF/XDP stateless firewall for Linux that drops packets before the kernel networking stack even sees them. Designed for DDoS mitigation on servers where you control the hardware — game servers, VPS hosts, that kind of thing. Not a replacement for a stateful firewall; it's a packet drop hammer.
The build-time/runtime configuration split is well thought out — disabling unused features like CIDR drops or rate limiting at compile time actually matters for XDP performance since the verifier counts instructions. Pinned BPF maps with companion CLI tools (xdpfw-add/xdpfw-del) mean you can update block lists without restarting, which is exactly what you need during an active attack. The README is honest about the loop scaling problem and explains why the design can't easily eliminate it. IPv6 support is there from the start, not bolted on.
The linear scan through up to 1000 filter rules inside the XDP program is a real performance cliff: the author admits it doesn't scale, and there's no roadmap to fix it. No stateful connection tracking means you can't do SYN cookie protection or distinguish established connections from attack traffic; a high-volume spoofed SYN flood will overwhelm the rate limiting maps with garbage entries. Filter logging has no rate limiting at all, so a matched flood will spike disk I/O and CPU in userspace while you're already under attack. It requires kernel 5.17+ (or 6.4+ for the better loop support), which rules out a lot of older LTS deployments without a kernel upgrade.
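To make the hot path the review is describing concrete, here is an added, host-compilable C sketch (not the project's own code) of what an XDP filter does per packet: a bounds-checked Ethernet/IPv4/L4 parse followed by a first-match linear scan over a fixed-size rule table. The rule layout, the 64-rule bound, the `add_rule`/`classify_udp` helpers and the sample addresses are all assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#define XDP_DROP 1                   /* XDP action codes, redefined for a host build */
#define XDP_PASS 2
#define MAX_RULES 64                 /* constant loop bound; the project allows up to 1000 */
struct rule {                        /* hypothetical layout, not the project's own struct */
    uint8_t enabled, proto, action;  /* proto 0 = any; action is XDP_DROP or XDP_PASS */
    uint16_t dst_port;               /* host order, 0 = any */
    uint32_t src_net, src_mask;      /* network byte order */
} rules[MAX_RULES];                  /* stands in for the pinned BPF array map */
/* Install rule i (stand-in for the CLI tools that update the pinned map at runtime) */
int add_rule(int i, const char *net, int prefix, uint8_t proto, uint16_t dport, uint8_t action) {
    if (i < 0 || i >= MAX_RULES || prefix < 0 || prefix > 32) return -1;
    if (inet_pton(AF_INET, net, &rules[i].src_net) != 1) return -1;
    rules[i].src_mask = prefix ? htonl(~0u << (32 - prefix)) : 0;
    rules[i].src_net &= rules[i].src_mask;                   /* normalise to the network address */
    rules[i].proto = proto; rules[i].dst_port = dport; rules[i].action = action;
    rules[i].enabled = 1; return 0;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Classify one Ethernet frame. Every header read is bounds-checked against
 * data_end first, as the BPF verifier requires of a real XDP program. */
int xdp_filter(const uint8_t *data, const uint8_t *data_end) {
    if (data_end - data < 14 || rd16(data + 12) != 0x0800) return XDP_PASS;  /* not IPv4 */
    const uint8_t *ip = data + 14;
    if (data_end - ip < 20 || (ip[0] >> 4) != 4) return XDP_PASS;           /* truncated/bad */
    long ihl = (ip[0] & 0x0f) * 4; if (ihl < 20) return XDP_PASS;
    uint8_t proto = ip[9]; uint16_t dport = 0;
    uint32_t src; memcpy(&src, ip + 12, 4);                                  /* network order */
    if ((proto == IPPROTO_TCP || proto == IPPROTO_UDP) && data_end - ip >= ihl + 4)
        dport = rd16(ip + ihl + 2);
    /* The linear scan the review calls out: per-packet work grows with the rule count */
    for (int i = 0; i < MAX_RULES; i++) {
        const struct rule *r = &rules[i];
        if (!r->enabled || (r->proto && r->proto != proto)) continue;
        if (r->dst_port && r->dst_port != dport) continue;
        if ((src & r->src_mask) != r->src_net) continue;
        return r->action;                                                    /* first match wins */
    }
    return XDP_PASS;
}
/* Build a constructed Ethernet+IPv4+UDP frame and classify it; len < 42 simulates truncation */
int classify_udp(const char *src, uint16_t dport, size_t len) {
    uint8_t buf[42] = {0};
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = IPPROTO_UDP;  /* EtherType IPv4; version 4, IHL 5 */
    inet_pton(AF_INET, src, buf + 26);                      /* IPv4 source address */
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)(dport & 0xff);  /* UDP destination port */
    return xdp_filter(buf, buf + (len < 42 ? len : 42));
}
```

Rule order matters because the scan stops at the first match, so a broad allow rule placed before a narrow drop rule silences the drop; that is the same ordering discipline the project's rule list needs.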