Post by Tirveni Yadav

Why We Built Vaanvil When building Neurowall at CloudArmour, we encountered a challenge that traditional firewall architectures struggle to address. Network enforcement has historically focused on Layer 3 and Layer 4—IP addresses, ports, and protocols. Those controls remain essential, but modern applications increasingly operate through TLS, HTTP/2, HTTP/3, QUIC, and certificate-based identities. The signals that matter most have moved higher up the stack. That's why we built 'Vaanvil', the Layer 7 enforcement engine inside Neurowall. Vaanvil is designed to bring application-aware policy enforcement closer to the packet path using Linux and eBPF, while maintaining the flexibility of a modern userspace control plane. Its goal is simple: make enforcement decisions using meaningful context, not just network addresses. That includes signals such as: • Domains and SNI • Certificate identities and fingerprints • JA3 / JA4 fingerprints • ALPN and protocol metadata • Source and destination context • Deployment and interface awareness What makes this problem particularly interesting is that real-world enforcement is much harder than parsing protocols. You have to deal with first-packet decisions, QUIC and HTTP/3 constraints, encrypted handshakes, multi-interface environments, Linux networking edge cases, observability requirements, and deployment across diverse systems. These aren't theoretical challenges. They're the realities of operating modern networks. At CloudArmour, we believe the future of firewalling requires more than IP- and port-based controls. It requires context-aware enforcement that understands how modern applications actually communicate. Vaanvil is our step in that direction. If you're working on eBPF, Linux networking, traffic enforcement, gateway systems, or modern firewall architectures, I'd love to connect and exchange ideas. https://lnkd.in/gqXMtp2A