FAQ
Is Kernloom a WAF?
No. Kernloom is L3/L4 anomaly detection + enforcement. It complements WAFs and proxies.
Does it decrypt TLS or inspect payloads?
No. It works without TLS termination and focuses on L3/L4 signals.
Will it block legitimate users behind NAT?
Kernloom is NAT-safe by design: it rate-limits first and escalates only on persistent non-compliance.
Where do I deploy it?
On Linux hosts that sit in front of valuable services: ingress nodes, gateways, edge boxes, or internal chokepoints.
Can I run observe-only mode?
Yes — and you can / should start there.
What does it protect against?
Scans, bursts, churn, SYN pressure, low-rate resource burn, noisy clients, and persistent non-compliance patterns.
Does it replace DDoS appliances/CDNs?
No — it complements them by handling the “rest traffic” that still burns resources downstream.
How much can it process?
eBPF XDP is high performant and can handle millions of incoming requests with just a few cpu/ram ressources. Check out the benchmark page