/plushcap/analysis/cloudflare/programmable-packet-filtering-with-magic-firewall

How We Used eBPF to Build Programmable Packet Filtering in Magic Firewall

What's this blog post about?

Cloudflare's Magic Firewall is a distributed stateless packet firewall built on Linux nftables that runs on every server in their data centers worldwide. It provides advanced protection against sophisticated attacks by leveraging the Extended Berkeley Packet Filter (eBPF) technology to extend its use of nftables. The integration of eBPF allows for more powerful syntax and increased flexibility, enabling users to match on various packet parameters and implement advanced packet parsing and content matching. This makes Magic Firewall a highly effective solution for protecting networks from malicious traffic.

Company
Cloudflare

Date published
Dec. 6, 2021

Author(s)
Chris J Arges

Word count
1375

Language
English

Hacker News points
7


By Matt Makai. 2021-2024.