Ebpf-Powered Firewall and Tcp/http Proxy Agent

Moat is a high-performance reverse proxy and firewall built with Rust, featuring:

XDP-based packet filtering for ultra-low latency protection at kernel level Dynamic access rules with automatic updates from Arxignis API BPF statistics collection for packet processing and dropped IP monitoring TCP fingerprinting for behavioral analysis and threat detection TLS fingerprinting with JA4 support for client identification JA4+ fingerprinting with complete suite: JA4H (HTTP headers), JA4T (TCP options), JA4L (latency), JA4S (TLS server), and JA4X (X.509 certificates) Automatic TLS certificate management with ACME/Let's Encrypt integration Threat intelligence integration with Arxignis API for real-time protection CAPTCHA protection with support for hCaptcha, reCAPTCHA, and Cloudflare Turnstile Content scanning with ClamAV integration for malware detection PROXY protocol support for preserving client IP addresses through load balancers Health check endpoints for monitoring and load balancer integration Redis-backed caching for certificates, threat intelligence, and validation results Domain filtering with whitelist support Wirefilter expressions for advanced request filtering Unified event queue with batched processing for logs, statistics, and events Flexible configuration via YAML files, command line arguments, or environment variables