    Show HN: Experimental eBPF Firewall in Rust with Heuristic Risk Scoring https://ift.tt/rylfx4U

    I’ve been working on a small experimental eBPF/XDP-based firewall written in Rust (using Aya). It’s not a full IPS and not an antivirus — it’s a packet-level reputation engine for learning purposes.

    What it currently does
      • Rust + eBPF (XDP) packet inspection
      • Per-IP risk scoring (0–1000)
      • Detects:
          • Port scans: SYN/FIN/NULL/XMAS
          • TTL variance (possible spoofing)
          • Burst traffic patterns (DoS-like)
          • ICMP misuse and oversized payloads
          • Malformed packets
      • Bloom filter blocklist (up to 400k entries)
      • LRU map tracking port access timing
      • Auto-blocking on critical risk
      • Tarpit behavior on high-risk IPs

    Why I built it
    I wanted to learn:
      • Rust in kernel-level constraints
      • How XDP works internally
      • Practical heuristics for lightweight threat detection
      • Efficient state tracking inside eBPF maps

    What it is NOT
      • Not production-ready
      • Not a malware scanner
      • Not a Suricata/Snort alternative

    Looking for feedback
    Particularly interested in:
      • Map design improvements
      • Heuristic tuning
      • Performance considerations
      • Ideas to avoid false positives

    Repo: https://ift.tt/vprDmVS
    https://ift.tt/RfSLzmJ

    November 26, 2025 at 12:09AM
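As an added illustration of two items the post lists, flag-based SYN/FIN/NULL/XMAS scan classification and a capped 0–1000 per-IP risk score with auto-block at a critical level, here is userspace Rust written for this page, not code from the linked repository; the score weights, the 800 threshold and the distinct-port tracking are assumptions, not the project's values.

```rust
use std::collections::{HashMap, HashSet};
// TCP header flag bits (low byte of the flags field).
const FIN: u8 = 0x01;
const SYN: u8 = 0x02;
const RST: u8 = 0x04;
const PSH: u8 = 0x08;
const ACK: u8 = 0x10;
const URG: u8 = 0x20;
/// Scan signatures recognisable from the flags byte alone.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum ScanKind { Null, Xmas, Fin, Syn }
/// Map a raw flags byte to a scan signature, if it matches one.
pub fn classify_flags(flags: u8) -> Option<ScanKind> {
    match flags & (FIN | SYN | RST | PSH | ACK | URG) {
        0 => Some(ScanKind::Null),                 // no flags set at all
        f if f == FIN | PSH | URG => Some(ScanKind::Xmas),
        FIN => Some(ScanKind::Fin),                // FIN without ACK
        SYN => Some(ScanKind::Syn),                // bare SYN: normal, counted per port
        _ => None,                                 // e.g. SYN|ACK, ACK, PSH|ACK
    }
}
pub const MAX_SCORE: u32 = 1000;      // score range 0..=1000 as in the post
pub const BLOCK_THRESHOLD: u32 = 800; // assumed "critical" level, not the repo's value
/// Per-source state: running risk score and distinct destination ports seen.
#[derive(Default)]
pub struct SourceState { pub score: u32, pub ports: HashSet<u16> }
#[derive(Default)]
pub struct RiskTable { pub sources: HashMap<u32, SourceState> }
impl RiskTable {
    /// Score one observed TCP segment from `src_ip` and report
    /// (new score, crossed auto-block threshold). Weights are illustrative.
    pub fn observe(&mut self, src_ip: u32, dst_port: u16, flags: u8) -> (u32, bool) {
        let st = self.sources.entry(src_ip).or_default();
        let new_port = st.ports.insert(dst_port); // true if this port is new for the source
        let delta = match classify_flags(flags) {
            Some(ScanKind::Null) | Some(ScanKind::Xmas) => 200, // never sent by a real stack
            Some(ScanKind::Fin) => 150,
            Some(ScanKind::Syn) if new_port => 30, // SYN sweep across many ports
            _ => 0,                                // repeat port or ordinary traffic
        };
        st.score = (st.score + delta).min(MAX_SCORE); // keep within 0..=1000
        (st.score, st.score >= BLOCK_THRESHOLD)
    }
}
```

In the kernel-side version the same state would live in an eBPF LRU map keyed by source address, so the table here stands in for that map.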
