talos

high performance layer 4 firewall using ebpf/xdp. runs directly in the linux kernel.

why

regular firewalls like iptables are slow under ddos. talos uses xdp which hooks at the network driver level - packets get dropped before they even reach the kernel network stack. way faster.

features

• block ips, ports, protocols
• rate limiting
• auto-ban repeat offenders
• whitelist mode
• real time tui dashboard

requirements

linux kernel 5.15+, go 1.21+, clang, llvm, libbpf

sudo apt install clang llvm libbpf-dev linux-headers-$(uname -r)

build

make generate
make build

usage

sudo ./talos start eth0          # attach to interface
sudo ./talos block 1.2.3.4       # block ip
sudo ./talos block-port 22       # block port
sudo ./talos block-proto icmp    # block protocol
sudo ./talos ratelimit 100       # 100 pps limit
sudo ./talos autoban 3           # ban after 3 violations
sudo ./talos whitelist-mode on   # only allow whitelisted
sudo ./talos monitor             # tui dashboard
sudo ./talos status              # show stats

coming soon

• persistent rules
• config files
• rest api
• logging

license

gpl-2.0