
▲ 5 r/eBPF
Hi guys, I'm back.
A month ago I shared Basic XDP, a lightweight eBPF/XDP firewall that automatically syncs its port whitelist with whatever's actually listening on your machine. The feedback here was great, so I kept building.
The project is now renamed to Auto XDP, and here's what's new:
New features:
- Per-IP SYN rate limiting — configurable per-port, with service-aware defaults (stricter for SSH/MySQL, relaxed for mail)
- ICMP token-bucket rate limiter — XDP-level ping flood protection with smart IPv6 NDP whitelisting so you don't break neighbor discovery
- VLAN support — 802.1Q and QinQ tag stripping so rules apply correctly to inner IP traffic
- ECN-aware SYN matching — handles SYNs with ECE/CWR flags set
- Faster conntrack — RST evicts entries and passes to kernel for proper socket cleanup; FIN evicts immediately.
- Multi-distro installer — Debian/Ubuntu, Fedora/RHEL, Arch, openSUSE, Alpine, with systemd and OpenRC support
I'm also thinking about what to focus on next, and I would love to hear what use cases you'd want covered. What's missing for your setup?
u/CheeseTerminator — 24 days ago
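The post lists three checks that are easy to get subtly wrong in an XDP firewall: walking past 802.1Q / QinQ tags before looking at the IP header, recognising a SYN even when an ECN-capable client sets ECE and CWR, and rate limiting SYNs per source IP with a token bucket. The following is an added, user-space C model of those three checks written for this thread; it is not Auto XDP's code, and the constants, struct names, the toy hash table standing in for a BPF LRU map, and the constructed 62-byte QinQ frame are all assumptions for the example. It compiles with a plain C compiler, so you can step through the parsing logic without loading anything into the kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed user-space model of XDP-firewall checks (not Auto XDP's code).
 * Every constant and name below is an assumption for this example. */
#define ETH_P_IP     0x0800
#define ETH_P_8021Q  0x8100   /* customer tag (C-TAG) */
#define ETH_P_8021AD 0x88A8   /* service tag (S-TAG), outer tag in QinQ */
#define IPPROTO_TCP  6

#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10
#define TCP_ECE 0x40
#define TCP_CWR 0x80

enum verdict { XDP_PASS_SIM = 0, XDP_DROP_SIM = 1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Skip the Ethernet header and up to two VLAN tags (802.1Q, or 802.1AD+802.1Q
 * for QinQ). Returns the offset of the inner L3 header and stores the inner
 * ethertype, or returns -1 when the frame is too short to hold the tags. */
int strip_vlan_tags(const uint8_t *pkt, size_t len, uint16_t *proto_out) {
    size_t off = 14;                         /* dst(6) + src(6) + ethertype(2) */
    if (len < off) return -1;
    uint16_t proto = be16(pkt + 12);
    for (int i = 0; i < 2 && (proto == ETH_P_8021Q || proto == ETH_P_8021AD); i++) {
        if (len < off + 4) return -1;        /* each tag: TCI(2) + next ethertype(2) */
        proto = be16(pkt + off + 2);
        off += 4;
    }
    *proto_out = proto;
    return (int)off;
}

/* ECN-aware SYN match: a new connection attempt is SYN without ACK/RST/FIN.
 * ECE and CWR (RFC 3168 ECN negotiation) are masked out, so a SYN+ECE+CWR
 * still counts as a SYN instead of slipping past a naive flags == SYN test. */
int is_syn_attempt(uint8_t tcp_flags) {
    return (tcp_flags & (TCP_SYN | TCP_ACK | TCP_RST | TCP_FIN)) == TCP_SYN;
}

/* Per-IP token bucket. A real XDP program keeps this in a BPF LRU hash map;
 * here a fixed array indexed by a toy hash stands in for it. */
struct bucket { uint32_t ip; double tokens; uint64_t last_ns; };
#define NBUCKETS 64
static struct bucket table[NBUCKETS];

int syn_allowed(uint32_t src_ip, uint64_t now_ns, double rate_per_sec, double burst) {
    struct bucket *b = &table[src_ip % NBUCKETS];
    if (b->ip != src_ip) {                   /* new or evicted source: full bucket */
        b->ip = src_ip; b->tokens = burst; b->last_ns = now_ns;
    }
    b->tokens += (double)(now_ns - b->last_ns) / 1e9 * rate_per_sec;
    if (b->tokens > burst) b->tokens = burst;
    b->last_ns = now_ns;
    if (b->tokens >= 1.0) { b->tokens -= 1.0; return 1; }
    return 0;
}

/* One frame through the pipeline: strip tags, parse IPv4 + TCP, limit SYNs.
 * Non-IPv4 and non-TCP traffic is passed here; a real firewall applies its
 * own rules to those. Rate: 5 SYN/s with a burst of 3 per source IP. */
int classify_frame(const uint8_t *pkt, size_t len, uint64_t now_ns) {
    uint16_t proto;
    int off = strip_vlan_tags(pkt, len, &proto);
    if (off < 0 || proto != ETH_P_IP) return XDP_PASS_SIM;
    if (len < (size_t)off + 20) return XDP_DROP_SIM;      /* truncated IPv4 header */
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || ip[9] != IPPROTO_TCP || len < (size_t)off + ihl + 20) return XDP_PASS_SIM;
    const uint8_t *tcp = ip + ihl;
    uint32_t src_ip; memcpy(&src_ip, ip + 12, 4);
    if (!is_syn_attempt(tcp[13])) return XDP_PASS_SIM;
    return syn_allowed(src_ip, now_ns, 5.0, 3.0) ? XDP_PASS_SIM : XDP_DROP_SIM;
}

/* Constructed sample: S-TAG + C-TAG (QinQ), IPv4, TCP to port 22, 62 bytes. */
size_t build_qinq_syn_frame(uint8_t *buf, uint8_t tcp_flags, uint32_t src_ip_raw) {
    memset(buf, 0, 62);
    buf[12] = 0x88; buf[13] = 0xA8;          /* outer 802.1AD tag */
    buf[16] = 0x81; buf[17] = 0x00;          /* inner 802.1Q tag */
    buf[20] = 0x08; buf[21] = 0x00;          /* inner ethertype: IPv4 */
    uint8_t *ip = buf + 22;
    ip[0] = 0x45; ip[3] = 40; ip[8] = 64; ip[9] = IPPROTO_TCP;
    memcpy(ip + 12, &src_ip_raw, 4);
    uint8_t *tcp = ip + 20;
    tcp[3] = 22; tcp[12] = 0x50; tcp[13] = tcp_flags;
    return 62;
}

int main(void) {
    uint8_t f[64];
    size_t n = build_qinq_syn_frame(f, TCP_SYN | TCP_ECE | TCP_CWR, 0x0A000001u);
    for (int i = 0; i < 4; i++)             /* burst of 3 passes, 4th SYN dropped */
        printf("SYN %d at t=0: %s\n", i + 1, classify_frame(f, n, 0) == XDP_PASS_SIM ? "PASS" : "DROP");
    printf("SYN after 1s: %s\n", classify_frame(f, n, 1000000000ULL) == XDP_PASS_SIM ? "PASS" : "DROP");
    return 0;
}
```

The flag mask in `is_syn_attempt` is the whole point of the ECN bullet: a check written as `flags == TCP_SYN` misses every SYN from an ECN-capable host, so those connection attempts would bypass the rate limiter. The token bucket is deliberately refilled from elapsed time rather than a timer, which is the shape that fits XDP, where there is no place to run a periodic refill.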