Protect backends from abusive traffic before your proxy or app burns CPU

Detect abnormal traffic patterns early and enforce soft limits, hard limits, or blocks before L7 becomes the bottleneck.

Kernloom helps reduce suspicious and excessive L3/L4 traffic before it consumes CPU, connection state, or backend capacity. It is designed for Linux hosts and gateways that need early protection in front of reverse proxies, WAFs, APIs, and internal services.

What Kernloom protects

  • Reverse proxies and WAFs: Reduce unwanted traffic before it reaches expensive L7 inspection. Kernloom helps keep proxies and WAFs available by filtering and rate-limiting suspicious traffic earlier in the packet path.
  • APIs and backends: Protect login endpoints, APIs, and fragile services from SYN pressure, scan noise, and connection-heavy traffic that can degrade performance or availability.
  • Linux gateways and hosts: Deploy protection directly on Linux gateways or servers to reduce overload risk at the edge, close to the workload, or inside internal east-west environments.
Responses can escalate from observation to soft rate limiting, hard rate limiting, and temporary blocking. This helps reduce noise while staying safer for legitimate traffic.

How Kernloom works

Early filtering, telemetry, and progressive enforcement. Kernloom combines fast packet-path enforcement with adaptive userspace decisions. It observes traffic, scores anomalies, and escalates enforcement step by step instead of jumping directly to hard blocking.

  • Traffic arrives on a Linux interface
  • Shield enforces at L3/L4 in the kernel
  • Shield exports telemetry
  • IQ reads that telemetry in userspace
  • IQ applies progressive actions such as observe, soft limit, hard limit, or block
Kernloom protects Linux gateways, reverse proxies, WAFs, APIs, and backends from suspicious and excessive L3/L4 traffic before it becomes expensive.

Where to use Kernloom

Kernloom is built for situations where traffic is not always a full DDoS, but still creates load, noise, and operational risk for frontends and backends.

  • Protect login and API endpoints: Reduce abusive connection patterns, repeated retries, and source behaviour that puts pressure on authentication flows and API capacity.
  • Shield backends behind reverse proxies: Filter suspicious L3/L4 traffic before it reaches your reverse proxy, WAF, or application tier, so backend systems do not absorb unnecessary load.
  • Reduce scan noise and SYN pressure: Handle noisy internet background traffic, port scans, and SYN-heavy connection patterns before they become operational overhead.
  • Protect internal east-west traffic paths: Detect and react when service-to-service traffic suddenly changes shape, volume, or source pattern inside internal Linux environments.

Why teams want Kernloom

Short, practical outcomes Kernloom is designed to deliver in real production environments.

We need stability under churn: fewer connection spikes, lower CPU pressure, and predictable latency - without blocking shared NAT users.
Platform Engineering

Ingress / Gateway Owners

We want progressive enforcement: observe first, then limit, then block — with automatic recovery and faster action for repeat offenders.
Security Operations

Blue Team

We measure success by fewer incidents, faster time-to-stability, and keeping the rest of the stack focused on what it does best.
SRE Team

Reliability & Incident Response

Start easy and safe

curl -fsSL https://linkl.it/kernloom | sudo sh

  • Attach Shield
  • Run IQ in dry-run & bootstrap mode
  • Learn your baseline
  • Enable enforcement

