frontpage.

I’ve been working on a small experimental eBPF/XDP-based firewall written in Rust (using Aya). It’s not a full IPS and not an antivirus — it’s a packet-level reputation engine for learning purposes.

What it currently does

Rust + eBPF (XDP) packet inspection

Per-IP risk scoring (0–1000)

Detects:

Port scans: SYN/FIN/NULL/XMAS

TTL variance (possible spoofing)

Burst traffic patterns (DoS-like)

ICMP misuse and oversized payloads

Malformed packets

Bloom filter blocklist (up to 400k entries)

LRU map tracking port access timing

Auto-blocking on critical risk

Tarpit behavior on high-risk IPs

Why I built it

I wanted to learn:

Rust in kernel-level constraints

How XDP works internally

Practical heuristics for lightweight threat detection

Efficient state tracking inside eBPF maps

What it is NOT

Not production-ready

Not a malware scanner

Not a Suricata/Snort alternative

Looking for feedback

Particularly interested in:

Map design improvements

Heuristic tuning

Performance considerations

Ideas to avoid false positives

Repo: https://github.com/N1ghttm4r33/Antivirus/tree/main

Show HN: We built an open source, zero webhooks payment processor

Show HN: MCP Security Scanning Tool for CI/CD

Show HN: I built an interactive HN Simulator

Show HN: OCR Arena – A playground for OCR models

Show HN: Experimental eBPF Firewall in Rust with Heuristic Risk Scoring

Show HN: SafeShare – Clean tracking params locally (PWA and bookmarklets

Show HN: Datamorph – A clean JSON ⇄ CSV converter with auto-detect

Show HN: Superglue – OSS integration tool that understands your legacy systems

Show HN: We cut RAG latency ~2× by switching embedding model

Show HN: Search London StreetView panoramas by text

Show HN: Cynthia – Reliably play MIDI music files – MIT / Portable / Windows

Show HN: Fractalbits – S3 compatibe store，1M iops p99～5ms，using Rust and Zig

Show HN: Sparse Matrix-Vector Multiplication that works at 30–90% sparsity

Show HN: Stun LLMs with thousands of invisible Unicode characters

Show HN: Deft-Intruder – Real-time malware detection daemon for Linux

Show HN: I wrote a minimal memory allocator in C

Show HN: BTreePlus – A cache-optimized B+Tree engine for .NET faster than SQLite

Show HN: Hypercamera – a browser-based 4D camera simulator

Show HN: Supabase-Test – Fast Isolated Postgres DBs for Testing Supabase RLS

Show HN: Virtual SLURM HPC cluster in a Docker Compose

Show HN: How I think tabs should be managed in a terminal

Show HN: Build the habit of writing meaningful commit messages

Show HN: Axe - A Systems Programming Language with Builtin Parallelism and No GC

Show HN: BreakToGoal – A planner calendar that break big goals into tasks

Show HN: I built an interactive map of jobs at top AI companies

Show HN: Colonet – Anonymous forum, no sign-up needed

Show HN: Forty.News – Daily news, but on a 40-year delay

Show HN: Wealthfolio 2.0- Open source investment tracker. Now Mobile and Docker

Show HN: The Wiki Game - reach target Wikipedia page by clicking hyperlinks only

Show HN: I wrote my lecture notes in Typst

Show HN: We built an open source, zero webhooks payment processor

Show HN: MCP Security Scanning Tool for CI/CD

Show HN: I built an interactive HN Simulator

Show HN: OCR Arena – A playground for OCR models

Show HN: Experimental eBPF Firewall in Rust with Heuristic Risk Scoring

Show HN: SafeShare – Clean tracking params locally (PWA and bookmarklets

Show HN: Datamorph – A clean JSON ⇄ CSV converter with auto-detect

Show HN: Superglue – OSS integration tool that understands your legacy systems

Show HN: We cut RAG latency ~2× by switching embedding model

Show HN: Search London StreetView panoramas by text

Show HN: Cynthia – Reliably play MIDI music files – MIT / Portable / Windows

Show HN: Fractalbits – S3 compatibe store，1M iops p99～5ms，using Rust and Zig

Show HN: Sparse Matrix-Vector Multiplication that works at 30–90% sparsity

Show HN: Stun LLMs with thousands of invisible Unicode characters

Show HN: Deft-Intruder – Real-time malware detection daemon for Linux

Show HN: I wrote a minimal memory allocator in C

Show HN: BTreePlus – A cache-optimized B+Tree engine for .NET faster than SQLite

Show HN: Hypercamera – a browser-based 4D camera simulator

Show HN: Supabase-Test – Fast Isolated Postgres DBs for Testing Supabase RLS

Show HN: Virtual SLURM HPC cluster in a Docker Compose

Show HN: How I think tabs should be managed in a terminal

Show HN: Build the habit of writing meaningful commit messages

Show HN: Axe - A Systems Programming Language with Builtin Parallelism and No GC

Show HN: BreakToGoal – A planner calendar that break big goals into tasks

Show HN: I built an interactive map of jobs at top AI companies

Show HN: Colonet – Anonymous forum, no sign-up needed

Show HN: Forty.News – Daily news, but on a 40-year delay

Show HN: Wealthfolio 2.0- Open source investment tracker. Now Mobile and Docker

Show HN: The Wiki Game - reach target Wikipedia page by clicking hyperlinks only

Show HN: I wrote my lecture notes in Typst

Show HN: Experimental eBPF Firewall in Rust with Heuristic Risk Scoring