Security

Meet Shield

A unified network security platform — firewall management, DDoS mitigation, IDS/IPS, WAF, threat intelligence, and real-time traffic analysis. One platform to protect your entire infrastructure.

// Block a DDoS attack
client := shield.NewClient("https://shield.koder.dev")

client.CreatePolicy(shield.DDoSPolicy{
    Name:      "HTTP Flood Protection",
    Threshold: shield.Threshold{PPS: 50000},
    Action:    shield.RateLimit,
})

// Auto-mitigates when threshold exceeded
// → DDoS detected: 125K PPS from 42 sources
// → Mitigation applied: rate_limit

Features

Complete network security, built from the ground up.

Firewall Rules

Declarative firewall rule engine with L3/L4/L7 filtering, zone-based policies, and automatic rule conflict detection.

DDoS Detection

Real-time volumetric and application-layer DDoS detection using adaptive thresholds and behavioral analysis.

DDoS Mitigation

Automated mitigation with rate limiting, geo-blocking, challenge pages, and upstream scrubbing center integration.

IDS/IPS

Intrusion detection and prevention with signature-based and anomaly-based engines. Compatible with Snort and Suricata rulesets.

WAF (OWASP)

Web Application Firewall with OWASP Core Rule Set, custom rules, virtual patching, and bot management.

Threat Intelligence

Aggregated threat feeds from 50+ sources with automatic IP/domain blocklist updates and IOC correlation.

Traffic Analysis

Deep packet inspection, flow analysis, and bandwidth monitoring with real-time dashboards and historical trends.

Network Zones

Logical network segmentation with inter-zone policies, DMZ management, and microsegmentation support.

NAT Management

Source NAT, destination NAT, 1:1 NAT, and port forwarding with connection tracking and state table monitoring.

Anomaly Detection

ML-powered baseline learning detects unusual traffic patterns, port scans, lateral movement, and data exfiltration.

Feed Sync

Automatic synchronization of threat intelligence feeds, blocklists, and rulesets with configurable update intervals.

Integrations

Native integrations with SIEM, SOAR, Slack, PagerDuty, Prometheus, Grafana, and the entire Koder ecosystem.

Firewall Rules API

Manage firewall rules programmatically with a clean, typed Go SDK.

  • L3/L4/L7 rule definitions
  • Zone-based policy management
  • Automatic conflict detection
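  • Bulk import/export support

// List the existing DROP rules in the "dmz" zone
rules, err := client.ListRules(shield.RuleFilter{
    Zone:   "dmz",
    Action: shield.Drop,
})
if err != nil {
    log.Fatal(err) // do not continue with an unknown rule state
}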

client.CreateRule(shield.FirewallRule{
    Name:     "Block SSH brute force",
    Source:   "any",
    Dest:     "10.0.0.0/8",
    Port:     22,
    Protocol: "tcp",
    Action:   shield.RateLimit,
    Limit:    "5/min",
})
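
The "automatic conflict detection" bullet above, illustrated with one kind of conflict: a rule that an earlier, broader rule with a different action makes unreachable. This is an added example, not Shield's code or SDK; the Rule type, the first-match evaluation order, the action strings and the sample rules are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule is a hypothetical, simplified rule type (not the Shield SDK's).
type Rule struct {
	Name         string
	Source, Dest netip.Prefix
	Port         uint16 // 0 = any port
	Protocol     string // "" = any protocol
	Action       string
}

// contains reports whether prefix outer includes every address of inner.
func contains(outer, inner netip.Prefix) bool {
	return outer.Bits() <= inner.Bits() && outer.Contains(inner.Addr())
}

// covers reports whether every packet matched by b is also matched by a.
func covers(a, b Rule) bool {
	return contains(a.Source, b.Source) && contains(a.Dest, b.Dest) &&
		(a.Port == 0 || a.Port == b.Port) &&
		(a.Protocol == "" || a.Protocol == b.Protocol)
}

// Shadowed lists "later <- earlier" pairs where first-match hides the later rule.
func Shadowed(rules []Rule) []string {
	var out []string
	for i, later := range rules {
		for _, earlier := range rules[:i] {
			if earlier.Action != later.Action && covers(earlier, later) {
				out = append(out, later.Name+" <- "+earlier.Name)
				break
			}
		}
	}
	return out
}

// SampleRules is a constructed rule set; the first entry mirrors the page's rule.
func SampleRules() []Rule {
	p := netip.MustParsePrefix
	return []Rule{
		{"ratelimit-ssh", p("0.0.0.0/0"), p("10.0.0.0/8"), 22, "tcp", "rate_limit"},
		{"allow-ssh-bastion", p("192.0.2.0/24"), p("10.1.0.0/16"), 22, "tcp", "allow"},
		{"drop-telnet", p("0.0.0.0/0"), p("10.0.0.0/8"), 23, "tcp", "drop"},
	}
}
func main() { fmt.Println(Shadowed(SampleRules())) }
```

Here the bastion allow rule is reported because the broader SSH rate-limit rule ahead of it matches the same traffic first.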

WAF Statistics

Monitor WAF activity and blocked threats in real time.

  • OWASP category breakdown
  • Top blocked IPs and URIs
  • False positive tuning
  • Custom rule performance

// WAF statistics for the last 24 hours
now := time.Now()
stats, err := client.WAFStats(shield.TimeRange{
    From: now.Add(-24 * time.Hour),
    To:   now,
})
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Blocked: %d requests\n", stats.Blocked)
if len(stats.TopRules) > 0 { // guard against an empty TopRules slice
    fmt.Printf("Top rule: %s (%d hits)\n",
        stats.TopRules[0].Name,
        stats.TopRules[0].Count,
    )
}
// Blocked: 12847 requests
// Top rule: SQL Injection (3291 hits)

How It Compares

See how Koder Shield stacks up against the competition.

Feature | Koder Shield | pfSense | CrowdSec | Cloudflare | Suricata
Unified firewall + IDS/IPS + WAFPartialPartial
DDoS detection & mitigationDetection only
Threat intelligence feedsPartialPartial
Self-hosted / on-premise
REST + gRPC APIREST onlyREST onlyREST only
ML-based anomaly detectionPartial
WAF with OWASP CRSVia plugin
Open-source

Frequently Asked Questions

Yes. Koder Shield provides a complete firewall with L3/L4/L7 filtering, NAT, zone-based policies, and connection tracking. It can fully replace pfSense, iptables, or nftables-based setups while adding IDS/IPS, WAF, and DDoS protection on top.

Shield continuously monitors traffic patterns using adaptive thresholds. When a DDoS attack is detected — whether volumetric, protocol-based, or application-layer — it automatically applies rate limiting, geo-blocking, challenge pages, or upstream scrubbing depending on your policy configuration.
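
To make "adaptive thresholds" concrete, the added example below (not Shield's algorithm or SDK) learns a packets-per-second baseline with an exponentially weighted mean and variance, a common technique substituted here for illustration. The Detector type, its parameters and the sample series are assumptions; the constructed data includes a 30K PPS burst that a fixed 50,000 PPS threshold like the one in the policy snippet would not flag.

```go
package main

import (
	"fmt"
	"math"
)

// Detector learns a PPS baseline (hypothetical type, not part of Shield).
type Detector struct {
	Alpha      float64 // EWMA smoothing factor, 0..1
	K          float64 // alert when pps > mean + K*stddev
	Warmup     int     // samples to learn before alerting
	mean, vari float64
	n          int
}

// Threshold returns the current adaptive alert level in PPS.
func (d *Detector) Threshold() float64 {
	return d.mean + d.K*math.Sqrt(d.vari)
}

// Observe reports whether pps is anomalous. Anomalous samples are not
// learned, so a sustained flood cannot drag the baseline upward.
func (d *Detector) Observe(pps float64) bool {
	d.n++
	if d.n == 1 {
		d.mean = pps
		return false
	}
	if d.n > d.Warmup && pps > d.Threshold() {
		return true
	}
	diff := pps - d.mean
	d.mean += d.Alpha * diff
	d.vari = (1 - d.Alpha) * (d.vari + d.Alpha*diff*diff)
	return false
}

// Flagged returns the indexes of samples that exceeded the threshold.
func Flagged(d *Detector, series []float64) []int {
	var idx []int
	for i, pps := range series {
		if d.Observe(pps) {
			idx = append(idx, i)
		}
	}
	return idx
}

// SamplePPS is constructed data: ~10K baseline, then 30K and 125K bursts.
var SamplePPS = []float64{10000, 11000, 9500, 10500, 11000, 30000, 125000, 10200}

func main() { fmt.Println(Flagged(&Detector{Alpha: 0.2, K: 4, Warmup: 4}, SamplePPS)) }
```

Because flagged samples are excluded from learning, a legitimate permanent rise in traffic needs an operator reset or a slow relearn path, which this sketch leaves out.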

Yes. The IDS/IPS engine is compatible with both Snort and Suricata rulesets. You can import your existing rules directly, and Shield will automatically optimize them for its detection pipeline.

Shield aggregates data from 50+ threat intelligence sources including abuse.ch, AlienVault OTX, Emerging Threats, Spamhaus, and many more. Feeds are automatically synced and correlated to update blocklists, IOC databases, and detection signatures.

Absolutely. Shield runs as a self-hosted service and can be deployed inline (as a gateway), out-of-band (tap/mirror mode), or as a sidecar. It integrates with existing SIEM, SOAR, and monitoring tools via native connectors.

Shield is built in Go with zero-allocation hot paths and eBPF-accelerated packet processing. In inline mode, typical latency overhead is under 50 microseconds. For high-throughput environments, hardware offloading and DPDK support are available.

Protect your infrastructure

Unified network security — from firewall to threat intelligence
