50+ Organizations Trust ZWall

Trusted by Security Teams Worldwide

Enterprise
FinTech
Cloud Providers
Data Centers
SaaS
SOC2 Ready
GDPR Compliant
ISO 27001 Aligned
HIPAA Compatible

Drive Operational Excellence

Transform network security from a bottleneck into a competitive advantage. Achieve 10x performance gains while reducing compliance risk and operational drag.

50%
Lower Compute Costs

Slash Infrastructure Costs

Process packets efficiently with <5% CPU overhead. Reduce your cloud spend by filtering noise before it consumes expensive compute resources.

  • 10+ Gbps throughput per agent
  • <5% CPU overhead at 10 Gbps
  • Zero copy packet processing
100%
Audit Coverage

Enforce Global Compliance

Ensure consistent security posture across every node. Audit, manage, and prove compliance with a single source of truth for your entire fleet.

  • Unified dashboard for all agents
  • Real time policy synchronization
  • Automated agent deployment
24/7
Threat Visibility

Mitigate Operational Risk

Detect and neutralize anomalies instantly. Gain deep observability into network threats to prevent downtime and protect your brand reputation.

  • Live security event streaming
  • Performance metrics dashboard
  • Intelligent alerting system

Unmatched Performance

See how kernel level security outperforms legacy solutions.

Next generation standard
ZWall.net
eBPF/XDP Kernel Technology
10+Gbps
Throughput
<1μs
Latency
<5%
CPU Load
Compared to Traditional Solutions
Legacy Linux
iptables / netfilter
~1 Gbps
High Latency (~100μs)
Hardware
Dedicated Appliance
Bounded
Capital Expensive
Cloud Native
Security Groups
Limited
Basic Feature Set

Built for Enterprise Scale

Solve critical infrastructure challenges with a security layer aimed at business continuity and cost efficiency.

Cloud Cost Control

Stop paying for malicious traffic. Drop noise at the network edge before it hits your load balancers or application servers, reducing billable bandwidth and compute.

  • Reduce Ingress/Egress fees
  • Lower Load Balancer CPU

Volumetric DDoS Defense

Defend against flood attacks without expensive scrubbing services. ZWall handles 10M+ PPS on standard hardware, keeping your services online during attacks.

  • SynFlood / UDP Flood Protection
  • No "Scrubbing Center" Latency

Regulatory Compliance

Simplify SOC2 and ISO 27001 audits with immutable logs, role based access control, and comprehensive policy history. Prove exactly who changed what, and when.

  • Audit Ready Logs
  • RBAC & MFA Enforcement

Complete Feature Set

A comprehensive security platform built for the modern enterprise stack. Everything you need, directly in the kernel.

Core Security Engine

eBPF/XDP Processing

Ultra low latency packet filtering directly in the OS kernel. Capable of handling 14M+ pps.

CIDR & LPM Blocking

Efficient Longest Prefix Match algorithms for massive IP blocklists without performance degradation.

L2-L4 Filtering

Granular control over specific protocols, ports, and MAC addresses. Bidirectional traffic management.

Priority Whitelisting

Bypass filters for trusted traffic with processing priority. Supports CIDR ranges and MAC signatures.

Lab / Roadmap Preview Coming Q3 2026
Multi Field Complex Filtering Rules
AI Driven Pattern Recognition
Long Term Historic Analytics

Platform Maturity

ZWall is engineered for stability. We maintain a transparent distinction between production hardened features and active engineering efforts.

Stable Beta Planned

Production Baseline

v1.2.0
eBPF/XDP Core Engine Stable
CIDR & LPM Filtering Stable
Agent-Manager Protocol Stable
DDoS Volumetric Defense Stable
CLI Automation (zwallctl) Stable
Multi Tenant RBAC Stable

Active Engineering

Q1 2026
AI Threat Pattern Recognition Beta
Long Term Historical Analytics Planned
Container Mesh Sidecar Planned
Custom ASN Rulesets In Review
GraphQL API Gateway Q3 2026

Technical Deep Dive

Engineered for performance. Explore the kernel level capabilities that power the ZWall ecosystem.

eBPF/XDP Engine

Executes packet filtering logic directly in the network driver via XDP hooks, bypassing the kernel network stack for zero copy processing.

Throughput 14.8 Mpps
Latency <600 ns
Context Kernel Space

Distributed Control Plane

gRPC based manager nodes handle state synchronization and policy propagation to thousands of edge agents in realtime.

Max Agents 10,000+
Sync Time <50ms
Protocol gRPC/mTLS

Governance Engine

Strict RBAC enforcement with immutable audit logging suitable for SOC2/HIPAA compliance environments.

Audit Log Immutable
Auth OIDC / MFA
Scope Global

Trust & Governance

Operational safety controls designed for regulated enterprise environments.

Identity & Access

  • Strict RBAC Enforcement
  • MFA / OIDC Integration
  • API Token Scoping

Audit & Compliance

  • Immutable Audit Logs
  • SIEM / Splunk Forwarding
  • SOC2 Readiness

Isolation & Control

  • Multi Tenant Isolation
  • Process Level Filtering
  • Container Mesh Support

Operational Safety

  • Automatic Rollbacks
  • Policy Dry Run Mode
  • Drift Detection

Kernel level architecture

Bypassing userspace bottlenecks for wire speed packet processing.

[Diagram: the Control Plane (Policy, Governance) connects to Agent 1, Agent 2 ... Agent N, each running eBPF/XDP, which together form the Wire Speed Data Plane.]

Packet Processing Pipeline

Ingress (NIC Driver)

XDP hooks run on each packet immediately upon arrival, before the kernel allocates a socket buffer (skb).

eBPF Map Lookup

IPs and rules are checked against pre compiled, read optimized BPF maps in nanoseconds.

Verdict

Traffic is flagged directly as XDP_DROP, XDP_PASS, or XDP_TX (redirect).

User Space Reporting

Only metadata and dropped packet samples are sent to user space logging, preserving CPU.
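
The parse, lookup and verdict stages above, modeled in userspace C as an added example; this is not ZWall's code. The rule table, the default-pass choice and the function names are assumptions, and a linear scan stands in for the kernel's LPM trie map.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model; values match the kernel's enum xdp_action. */
enum verdict { XDP_DROP = 1, XDP_PASS = 2 };
struct rule { uint32_t net; uint8_t len; enum verdict act; };

/* Constructed sample policy (documentation address ranges). */
static const struct rule rules[] = {
    { 0xC6336400u, 24, XDP_DROP },  /* 198.51.100.0/24  blocked       */
    { 0xC6336410u, 28, XDP_PASS },  /* 198.51.100.16/28 trusted range */
    { 0xCB007100u, 24, XDP_DROP },  /* 203.0.113.0/24   blocked       */
};

/* Longest prefix match: the most specific covering rule decides. */
static enum verdict lpm_verdict(uint32_t ip) {
    int best = -1;
    enum verdict v = XDP_PASS;  /* assumed default when nothing matches */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        uint32_t mask = rules[i].len ? ~0u << (32 - rules[i].len) : 0;
        if ((ip & mask) == rules[i].net && rules[i].len > best) {
            best = rules[i].len;
            v = rules[i].act;
        }
    }
    return v;
}

/* Bounds-check before each header read, as the eBPF verifier demands. */
enum verdict process_frame(const uint8_t *pkt, size_t len) {
    if (len < 14) return XDP_DROP;                            /* truncated */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return XDP_PASS;  /* not IPv4 */
    if (len < 34 || (pkt[14] >> 4) != 4) return XDP_DROP;     /* bad IPv4 */
    uint32_t src = (uint32_t)pkt[26] << 24 | (uint32_t)pkt[27] << 16 |
                   (uint32_t)pkt[28] << 8 | pkt[29];
    return lpm_verdict(src);
}

/* Build a minimal constructed frame with the given source address. */
enum verdict verdict_for_src(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    uint8_t f[34] = { [12] = 0x08, [14] = 0x45,
                      [26] = a, [27] = b, [28] = c, [29] = d };
    return process_frame(f, sizeof f);
}

int main(void) {
    printf("%d\n", verdict_for_src(198, 51, 100, 20));
    return 0;
}
```

A source inside the /28 passes even though the enclosing /24 is blocked, because the longer prefix wins; frames too short to hold the headers are dropped before any address is read.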

Deploy Anywhere, Manage Everywhere

ZWall is designed for the modern hybrid cloud. Whether you’re running bare metal Kubernetes, legacy VMs, or public cloud instances, our agent drops in with a single command.

Infrastructure as Code

Native support for Terraform, Ansible, and Puppet. Define security policies alongside your infrastructure.

One Click Updating

Rolling updates with zero downtime. The agent handles eBPF program reloading atomically.

Ubuntu 20.04+ RHEL 8+ Debian 11+ Kubernetes
install_agent.sh
# Install via curl
curl -sL https://get.zwall.net/install.sh | sudo bash

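# Or add to an Ansible playbook
- name: Install ZWall Agent
  hosts: all
  become: true  # run as root, like the sudo in the curl command above
  tasks:
    - name: Download and install
      shell: curl -sL https://get.zwall.net/install.sh | bash
      environment:  # variables exported to the shell task
        ZWALL_TOKEN: "{{ zwall_api_token }}"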

Benchmark Results

Performance validation on standard commodity hardware (Intel Xeon, 10GbE).

Metric | Legacy Firewalls (iptables) | Userspace Proxy (Nginx/Envoy) | ZWall (eBPF/XDP)
Processing Point | Netfilter Hook (Late) | Userspace (Context Switch) | NIC Driver (Earliest)
Packet Throughput | ~2.4M pps | ~0.8M pps | 14.8M+ pps
Latency Overhead | 120 - 500 μs | 800 - 2000 μs | < 15 μs
DDoS Resilience | Fails at 3M pps | Fails at 1.5M pps | Line Rate
CPU Load (10M pps) | 100% (Saturation) | N/A (Dropped) | ~12% Core Usage

* Benchmarks conducted on AWS c5.metal instances sending 64-byte UDP packets.

ZWall Web Dashboard

A modern React based web application providing comprehensive management for the ZWall Centralized Security System with realtime visibility and control.

React 18 TypeScript Redux Toolkit Material UI Vite
Dashboard screenshots:

  • Advanced Protection Distributed Attacks
  • Advanced Protection Login Rate Limit
  • Advanced Protection Temp to Perm
  • Advanced Protection UDP Flood Protection
  • Agent Detection Settings
  • Agent Log Monitoring Status
  • Agent Protection Model
  • Agent Recent Logs
  • Agent eBPF Status
  • Agents
  • Blocked IP
  • Cluster
  • Dashboard Network Traffic Monitor
  • Dashboard Recent Security Logs
  • Dashboard Security Events by Severity
  • Email Templates
  • Event Logging Settings
  • Firewall DNS Rules
  • Firewall Rules
  • Firewall UID GID Rules
  • Firewall Standard Rules 1
  • Firewall Standard Rules 2
  • GeoIP Filtering
  • GeoIP Setting
  • Global Detection Settings
  • IP Blocklists
  • Integration Cloudflare
  • Integration Custom Log Parser
  • Integration ModSecurity
  • Integration RBL
  • Integration SMTP Controls
  • Monitoring SSH Login Alerts
  • Monitoring Security Logs
  • Network Isolation
  • SSL
  • System Health
  • Testing Mode Setting
  • Virtualization Dashboard
  • Virtualization VMs
  • Virtualization Interfaces

Development Roadmap

Leading the future of network security with 92% core features complete

Current Status: Production Ready Foundation

High performance packet processing

  • eBPF/XDP kernel level filtering with sub microsecond latency
  • Multi agent distributed architecture supporting 1,000+ nodes
  • Realtime centralized management and monitoring
  • Advanced Layer 2 security with MAC address filtering

Enterprise Management Features

  • Modern web based administration dashboard
  • RESTful API with comprehensive automation support
  • PostgreSQL database with audit logging
  • Token based authentication with automatic rotation

Technical FAQ

Common questions from SRE and Security Engineering teams.

ZWall typically saves 50-80 microseconds per packet by filtering at the XDP (eXpress Data Path) layer in the NIC driver, before the Linux kernel allocates an SKB (Socket Buffer). Unlike iptables, which processes traffic after the costly TCP/IP stack allocation, ZWall drops malicious traffic before it consumes host resources.
Yes. ZWall's eBPF programs are subjected to the kernel's static verifier, which checks loop bounds and guarantees they cannot crash the kernel or access invalid memory. We also use strict map pre-allocation to prevent out-of-memory errors at runtime.
Traffic filtering continues uninterrupted. The eBPF programs are loaded into the kernel and function independently of the user space agent. A crash only temporarily stops policy updates and statistical aggregation; the data plane remains strictly enforced.
Yes. ZWall runs at the XDP layer which precedes the Netfilter layer used by standard firewalls. You can use ZWall for high-volume volumetric drops (DDoS, Blocklists) while keeping your existing stateful firewall for complex application logic.
Absolutely. You can deploy policies with `action: XDP_PASS` (log-only). This allows you to visualize what traffic would be blocked and validate false positives before enforcing strict drops in production.

Documentation & Resources

Everything you need to deploy, manage, and optimize ZWall.net

Quick Start Guide

Prerequisites

  • Linux server with kernel 4.18+ (5.4+ recommended)
  • Root access for eBPF program loading
  • PostgreSQL database (local or remote)
  • Network connectivity between manager and agents

Quick Setup

# Clone the repository
git clone https://github.com/zwall-net/zwall.git
cd zwall
# Run deployment script
./scripts/install.sh

Complete setup with manager and agent deployment

Request Enterprise Trial

Tell us about your environment and we’ll get in touch to schedule a demo and trial.

Why ZWall

  • Kernel speed enforcement with eBPF/XDP
  • Fleet wide policy control and strong RBAC
  • Transparent audit logs and integrations

Engineering DNA

ZWall wasn't built by marketers. It was forged by engineers who grew tired of tradeoffs between security, performance, and simplicity.

Our Mission

Democratize kernel level security. We believe every organization deserves military grade protection without the complexity tax.

Our Vision

A world where security is intrinsic to the network fabric, running invisibly at line rate with zero operational friction.

Performance First

Latency is the enemy. Every line of code is optimized for the datapath.

Secure by Design

No afterthought. Security primitives are baked into the architecture.

Radical Simplicity

Complex problems, simple tools. We reject unnecessary abstraction.