Hillock

Drop traffic before it touches your stack.

Hillock is the kernel-level firewall that lives inside every Synapse agent. Malicious traffic is filtered, rate-limited, or dropped before it ever reaches your application — no proxy in the path, no TLS termination, no latency penalty.

What Hillock is for

• Wire-speed enforcement on every Linux host. Block, allow, or shape traffic at line rate without taking the box out of service.
• Per-IP, per-port, per-ASN rules. Configure once, deploy fleet-wide through Amygdala.
• Rate limiting. Cap noisy clients automatically, without writing custom middleware.
• Live traffic metrics. TCP, UDP, and ICMP counters in real time, ready for your dashboards.

How it fits

Hillock is the muscle in every Synapse agent. When Amygdala says "block this fingerprint everywhere," Hillock is the layer that actually does it on Linux hosts.

Use cases

• Drop bot ASNs at wire speed across thousands of servers.
• Rate-limit aggressive scrapers per source IP without app changes.
• Per-tenant allow-listing for sensitive endpoints.
• Inline traffic counters for cost attribution and incident review.

See also

• Synapse documentation — the agent that ships Hillock
• Amygdala — the rule engine that drives Hillock fleet-wide