Show HN: A bare-metal network mitigation layer using eBPF and nftables

Category: security

Tags: ddos-mitigation, ebpf, nftables, xdp, game-server

Score: 5.5/10 (Innovation: 5, Technical: 6, Documentation: 6, Utility: 5)

This project implements a hybrid DDoS mitigation layer for bare-metal game servers, combining nftables for stateful filtering with XDP/eBPF for early packet drop to reduce kernel overhead under high-PPS UDP floods. It's interesting because it addresses a real operational pain point by synchronizing dynamic blacklists between a custom nftables setup and eBPF maps, offering a pragmatic layered approach for small-scale environments.

Target audience: backend devs, devops, infrastructure engineers

Repository: https://github.com/bardhyliis/ebpf-ddos-mitigation · C#

View on Hacker News