NullRabbit

Enforcement - open source

Guard.

Kernel-speed action, only when authority has been earned.

[01]·What Guard does

Acts on instructions from Mesh, at kernel speed.

Guard performs XDP/eBPF kernel-level packet blocking on operator infrastructure. It acts only on instructions issued by Mesh, scoped to abuse classes the operator has explicitly authorised. Microsecond decision-to-action. Fail-open architecture: if Guard or the Mesh platform goes down, traffic flows. Security software does not cause downtime.

[02]·Why it matters

What you get.

Machine-speed enforcement.

XDP/eBPF in the kernel. Microseconds, not milliseconds. Decision-to-action faster than the attack can pivot.

Authority is bounded.

Guard only acts on judgments Mesh has earned the authority to make. Scoped per abuse class, revocable, audited.

Drop-in compatible.

Run alongside your existing firewall, or replace it. Open source - inspect, fork, deploy. No vendor lock-in.

[03]·Deploy

Three steps.

  1. 01

    Install

    Drop Guard onto the validator host. XDP attaches to the NIC. No reboot, no kernel patching beyond what your distribution already supports.

  2. 02

    Authorise

    Connect Guard to your Mesh tenant. Authority is granted per abuse class - start narrow, expand as evidence supports.

  3. 03

    Run

    Mesh issues enforcement instructions. Guard executes in the kernel. Every action is logged with full context. Revocable at any time.

Get the source →