Getting Started

This page takes you from installation to first enforcement in a few minutes.

Assumptions:

  • You run on Linux with root access
  • You want to install Kernloom Shield (klshield) and Kernloom IQ (kliq)

1) Install Kernloom

Install the latest release:

curl -fsSL https://linkl.it/kernloom | sudo sh

Install a specific release version:

curl -fsSL https://linkl.it/kernloom | sudo KERNLOOM_VERSION=v0.0.1 sh

This installs:

  • /usr/local/bin/klshield
  • /usr/local/bin/kliq
  • /usr/local/share/kernloom/bpf/klshield.bpf.o
  • /etc/kernloom/iq/whitelist.txt
  • /var/lib/kernloom/iq/feedback.json

2) Ensure bpffs is mounted

Kernloom pins maps under /sys/fs/bpf.

mount | grep -q "/sys/fs/bpf" || sudo mount -t bpf bpf /sys/fs/bpf

3) Attach Kernloom Shield (XDP)

Replace eth0 with your real interface.

sudo klshield attach-xdp \
  -iface eth0 \
  -obj /usr/local/share/kernloom/bpf/klshield.bpf.o

Validate that counters move:

sudo klshield stats
sudo klshield top-src -n 20 -by pkts

4) Start Kernloom IQ in dry-run first

Dry-run prints decisions but does not enforce.

sudo kliq \
  --profile public-api \
  --interval 1s \
  --top 50 \
  --dry-run=true \
  --bootstrap=true \
  --state-file /var/lib/kernloom/iq/state.json

Let it run for a bit and watch for STATE ... transitions.


5) Enable enforcement

Restart kliq with --dry-run=false:

sudo kliq \
  --interval 1s \
  --top 100 \
  --dry-run=false \
  --state-file /var/lib/kernloom/iq/state.json

6) Quick recovery

Temporary exemption via feedback file (/var/lib/kernloom/iq/feedback.json):

[
  {"target":"203.0.113.7","action":"forgive","ttl":"24h","notes":"known good"}
]

Permanent exemption via whitelist file (/etc/kernloom/iq/whitelist.txt):

203.0.113.7
203.0.113.0/24
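
Both files exempt addresses from enforcement, so a typo such as an over-broad prefix quietly widens the exemption. The check below is an added example, not part of Kernloom or of the original page. It assumes the feedback schema is exactly what the sample above shows, that ttl is a number followed by s, m or h, and it applies a hypothetical policy that flags IPv4 prefixes wider than /16 and IPv6 prefixes wider than /32.

```python
import ipaddress
import json
import re

KNOWN_ACTIONS = {"forgive"}          # assumption: the only action the page shows
TTL_RE = re.compile(r"^\d+[smh]$")   # assumption: number plus s/m/h, inferred from "24h"
MIN_PREFIX = {4: 16, 6: 32}          # hypothetical policy: anything wider is flagged

def check_target(text):
    """Return problems for one IP or CIDR string; strict mode rejects host bits
    (203.0.113.7/24), which usually signal a typo. Empty list means fine."""
    try:
        net = ipaddress.ip_network(text.strip(), strict=True)
    except ValueError as exc:
        return [f"{text!r} is not a valid IP or CIDR: {exc}"]
    if net.prefixlen < MIN_PREFIX[net.version]:
        return [f"{text!r} exempts {net.num_addresses} addresses from enforcement"]
    return []

def check_whitelist(text):
    """Validate whitelist.txt content, one IP or CIDR per line (blank lines skipped)."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            problems += [f"whitelist line {lineno}: {p}" for p in check_target(line)]
    return problems

def check_feedback(text):
    """Validate feedback.json content, a JSON array of exemption objects."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"feedback: invalid JSON: {exc}"]
    if not isinstance(entries, list):
        return ["feedback: top level must be an array"]
    problems = []
    for i, entry in enumerate(entries):
        entry = entry if isinstance(entry, dict) else {}  # non-objects fail every check below
        problems += [f"feedback[{i}]: {p}" for p in check_target(str(entry.get("target", "")))]
        if entry.get("action") not in KNOWN_ACTIONS:
            problems.append(f"feedback[{i}]: unexpected action {entry.get('action')!r}")
        if not TTL_RE.match(str(entry.get("ttl", ""))):
            problems.append(f"feedback[{i}]: ttl {entry.get('ttl')!r} does not look like '24h'")
    return problems

if __name__ == "__main__":
    # Constructed sample: the page's two whitelist lines plus one over-broad typo.
    for p in check_whitelist("203.0.113.7\n203.0.113.0/24\n0.0.0.0/0\n"):
        print(p)
```

Run it against both files before restarting kliq with enforcement enabled, and treat any reported line as a reason to stop and review.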