-Gatebot: analyzes traffic hitting our edge and deploys DDoS mitigations matching suspect traffic. -bpftools: generates Berkeley Packet Filter (BPF) bytecode that matches packets based on DNS queries, p0F signatures, or tcpdump filters. -Iptables: matches traffic against the BPF generated by bpftools using the xt_bpf module, and drops it. -Floodgate: offloads work from iptables during big attacks that could otherwise overwhelm the kernel networking stack. Incoming traffic bypasses the kernel to go directly to a BPF interpreter in userspace, which efficiently drops packets matching the BPF rules produced by bpftools.