How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall
Cloudflare's Magic Firewall is a distributed stateless packet firewall built on Linux nftables that runs on every server in their data centers worldwide. It provides advanced protection against sophisticated attacks by leveraging the Extended Berkeley Packet Filter (eBPF) technology to extend its use of nftables. The integration of eBPF allows for more powerful syntax and increased flexibility, enabling users to match on various packet parameters and implement advanced packet parsing and content matching. This makes Magic Firewall a highly effective solution for protecting networks from malicious traffic.
Company
Cloudflare
Date published
Dec. 6, 2021
Author(s)
Chris J Arges
Word count
1375
Language
English
Hacker News points
7