nftbanconf

package
v1.0.21 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 31, 2025 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

// API versioning constants.
// FullPath is documented on this page as returning the full API path
// including this version prefix, and EndpointInfo.Path is described as
// relative to the API prefix, so the Endpoint* constants are presumably
// meant to be joined onto APIPathPrefix rather than served as-is.
const (
	// APIVersion is the version segment of the API path.
	APIVersion    = "v1"
	// APIPathPrefix is the versioned prefix; it evaluates to "/api/v1".
	APIPathPrefix = "/api/" + APIVersion
)

API Version prefix

// User, dashboard, status and health endpoints.
const (
	// EndpointMe returns information about the current user.
	EndpointMe = "/me"

	// EndpointDashboard returns dashboard statistics.
	EndpointDashboard = "/dashboard"

	// EndpointStatus returns the current firewall status.
	EndpointStatus = "/status"

	// EndpointHealth returns the system health check.
	EndpointHealth = "/health"

	// EndpointHealthFix attempts to fix health issues.
	// NOTE(review): described as making changes rather than only reading,
	// unlike the other paths in this group; confirm it is returned by
	// GetAdminEndpoints.
	EndpointHealthFix = "/health/fix"
)
// Ban management endpoints.
// NOTE(review): ban and unban alter the firewall's ban list; confirm both are
// marked Auth/Admin in the AllEndpoints metadata and are absent from
// GetPublicEndpoints.
const (
	// EndpointBan bans an IP address.
	EndpointBan = "/ban"

	// EndpointUnban removes an IP from the ban list.
	EndpointUnban = "/unban"

	// EndpointSearch searches for an IP across all lists.
	EndpointSearch = "/search"
)
// Whitelist management endpoints.
// NOTE(review): the effect of a whitelist entry on ban evaluation is not
// shown on this page; if whitelisted addresses bypass bans, the add/remove
// paths deserve the same access control as ban/unban — confirm.
const (
	// EndpointWhitelist lists the whitelist on GET and adds an entry on POST.
	// The same path therefore serves a read and a write, so any access rule
	// has to take the HTTP method into account.
	EndpointWhitelist = "/whitelist"

	// EndpointWhitelistAdd explicitly adds an entry to the whitelist.
	EndpointWhitelistAdd = "/whitelist/add"

	// EndpointWhitelistRemove removes an entry from the whitelist.
	EndpointWhitelistRemove = "/whitelist/remove"

	// EndpointWhitelistCount returns the number of whitelist entries.
	EndpointWhitelistCount = "/whitelist/count"
)
// UI-formatted list endpoints.
const (
	// EndpointUIWhitelist returns the whitelist formatted for the UI.
	EndpointUIWhitelist = "/ui/whitelist"

	// EndpointUIListIPs returns the banned IPs list formatted for the UI.
	EndpointUIListIPs = "/ui/list-ips"
)
// Threat feed endpoints.
const (
	// EndpointFeeds returns the threat feed list and status.
	EndpointFeeds = "/feeds"

	// EndpointFeedsControl enables or disables feeds.
	// NOTE(review): changes which feeds are active; confirm it requires
	// admin privileges.
	EndpointFeedsControl = "/feeds/control"

	// EndpointFeedsStats returns feed statistics.
	EndpointFeedsStats = "/feeds/stats"

	// EndpointSyncFeeds triggers feed synchronization.
	EndpointSyncFeeds = "/sync-feeds"
)
// Log access endpoints.
const (
	// EndpointLogs returns the list of log files.
	EndpointLogs = "/logs"

	// EndpointLogsViewer returns the contents of a log file.
	// NOTE(review): how the file is selected is not visible here; if it is
	// chosen by a request parameter, confirm the value is matched against the
	// known log files (see AllLogFiles) rather than joined into a path.
	EndpointLogsViewer = "/logs/viewer"
)
// Firewall rule endpoints.
const (
	// EndpointRules returns the nftables rules.
	EndpointRules = "/rules"

	// EndpointReload reloads the firewall rules.
	EndpointReload = "/reload"

	// EndpointFlush flushes all dynamic rules.
	// NOTE(review): this removes the dynamic rule set in one call; confirm it
	// is admin-only and that its use is written to the audit log.
	EndpointFlush = "/flush"

	// EndpointFirewallValidate validates the nftables config.
	EndpointFirewallValidate = "/firewall/validate"

	// EndpointFirewallCheck checks an IP against the rules.
	EndpointFirewallCheck = "/firewall/check"
)
// Metrics collection endpoints.
const (
	// EndpointMetricsEnable enables or disables metrics collection.
	// It is the only path in this group described as changing a setting.
	EndpointMetricsEnable = "/metrics/enable"

	// EndpointMetricsStatus returns the metrics collection status.
	EndpointMetricsStatus = "/metrics/status"

	// EndpointMetricsSnapshot returns the current metrics snapshot.
	EndpointMetricsSnapshot = "/metrics/snapshot"
)
// Statistics endpoints.
const (
	// EndpointStatsTraffic returns traffic statistics.
	EndpointStatsTraffic = "/stats/traffic"

	// EndpointStatsBans returns ban statistics.
	EndpointStatsBans = "/stats/bans"

	// EndpointStatsCountries returns per-country statistics.
	EndpointStatsCountries = "/stats/countries"
)
// Network monitoring endpoints.
const (
	// EndpointNetworkBandwidth returns bandwidth usage.
	EndpointNetworkBandwidth = "/network/bandwidth"

	// EndpointNetworkConnections returns active connections.
	// NOTE(review): connection listings can expose internal addresses and
	// peers; confirm this path requires authentication.
	EndpointNetworkConnections = "/network/connections"

	// EndpointNetworkMetricsSamples returns metrics samples.
	EndpointNetworkMetricsSamples = "/network/metrics/samples"
)
// Bandwidth endpoints.
const (
	// EndpointBandwidthCurrent returns the current bandwidth.
	EndpointBandwidthCurrent = "/bandwidth/current"

	// EndpointBandwidthHistory returns the bandwidth history.
	EndpointBandwidthHistory = "/bandwidth/history"

	// EndpointBandwidthInterfaces returns per-interface stats.
	EndpointBandwidthInterfaces = "/bandwidth/interfaces"

	// EndpointBandwidthConnections returns connection stats.
	EndpointBandwidthConnections = "/bandwidth/connections"
)
// Geo-blocking endpoint.
const (
	// EndpointGeo returns the geo-blocking status.
	EndpointGeo = "/geo"
)
// Authentication endpoint.
const (
	// EndpointLogin handles user authentication.
	// NOTE(review): presumably one of the paths returned by
	// GetPublicEndpoints, since it has to be reachable before a session
	// exists — confirm, and confirm failed attempts are throttled and logged;
	// neither is visible on this page.
	EndpointLogin = "/login"
)
// System information endpoint.
const (
	// EndpointSystemHostname returns the system hostname.
	EndpointSystemHostname = "/system/hostname"
)

Variables

var (

	// DefaultConfigFile is the default config file path.
	// NOTE(review): this is an exported var rather than a const, so any
	// importing package can reassign it at runtime. Whether Load reads this
	// variable or a fixed path is not visible on this page; confirm before
	// treating the config location as immutable.
	DefaultConfigFile = "/etc/nftban/nftban.conf"
)

Functions

func AllNFTBanServices

func AllNFTBanServices() []string

AllNFTBanServices returns list of all nftban-owned service names

func AllNFTBanTimers

func AllNFTBanTimers() []string

AllNFTBanTimers returns list of all nftban-owned timer names

func ExternalServices

func ExternalServices() []string

ExternalServices returns list of external services that nftban integrates with

func FullPath

func FullPath(endpoint string) string

FullPath returns the full API path including version prefix

func GetAdminEndpoints

func GetAdminEndpoints() []string

GetAdminEndpoints returns endpoints that require admin privileges

func GetLogFile

func GetLogFile(category LogCategory) string

GetLogFile returns the path for a specific log category

func GetPublicEndpoints

func GetPublicEndpoints() []string

GetPublicEndpoints returns endpoints that don't require authentication

func IsAdminEndpoint

func IsAdminEndpoint(path string) bool

IsAdminEndpoint checks if a path requires admin privileges

func LogDir

func LogDir() string

LogDir returns the base log directory. NO FALLBACK - the path must come from /etc/nftban/nftban.conf.

func LogPathForDate

func LogPathForDate(category LogCategory, dateSuffix string) string

LogPathForDate returns a log file path with a date suffix. Useful for accessing rotated logs such as nftban.log.2024-01-15.

func Reload

func Reload() error

Reload forces config reload (for testing or config changes)

func SuricataLogDir

func SuricataLogDir() string

SuricataLogDir returns the Suricata log directory. NO FALLBACK - the path must come from /etc/nftban/nftban.conf.

Types

type CommandPaths

// CommandPaths provides paths to CLI binaries and scripts.
// All of its state is unexported; values are read through its methods.
type CommandPaths struct {
	// contains filtered or unexported fields
}

CommandPaths provides paths to CLI binaries and scripts

func Commands

func Commands() *CommandPaths

Commands returns command path builder (loads config if needed)

func (*CommandPaths) AuditLog

func (c *CommandPaths) AuditLog() string

AuditLog returns path to audit log (actions)

func (*CommandPaths) AuthBin

func (c *CommandPaths) AuthBin() string

AuthBin returns path to nftban-ui-auth helper

func (*CommandPaths) BansLog

func (c *CommandPaths) BansLog() string

BansLog returns path to bans log

func (*CommandPaths) Bin

func (c *CommandPaths) Bin() string

Bin returns path to main nftban CLI (bash wrapper)

func (*CommandPaths) BlacklistD

func (c *CommandPaths) BlacklistD() string

BlacklistD returns path to blacklist.d directory

func (*CommandPaths) CLIScript

func (c *CommandPaths) CLIScript(name string) string

CLIScript returns path to CLI command script

func (*CommandPaths) CacheFile

func (c *CommandPaths) CacheFile(name string) string

CacheFile returns path to a cache file

func (*CommandPaths) ConfigFile

func (c *CommandPaths) ConfigFile(name string) string

ConfigFile returns path to a config file

func (*CommandPaths) ConfigVersion

func (c *CommandPaths) ConfigVersion() string

ConfigVersion returns config file version

func (*CommandPaths) CoreBin

func (c *CommandPaths) CoreBin() string

CoreBin returns path to nftban-core Go binary

func (*CommandPaths) CoreScript

func (c *CommandPaths) CoreScript(name string) string

CoreScript returns path to core library script

func (*CommandPaths) DebugString

func (c *CommandPaths) DebugString() string

DebugString returns a summary of all paths for debugging

func (*CommandPaths) ExportFile

func (c *CommandPaths) ExportFile(name string) string

ExportFile returns path to an export file

func (*CommandPaths) ExporterScript

func (c *CommandPaths) ExporterScript(name string) string

ExporterScript returns path to exporter script

func (*CommandPaths) ExportsDir

func (c *CommandPaths) ExportsDir() string

ExportsDir returns path to exports directory

func (*CommandPaths) FeedFile

func (c *CommandPaths) FeedFile(name string) string

FeedFile returns the path to a specific feed file. Example: FeedFile("firehol_level1.netset") -> /var/lib/nftban/feeds/firehol_level1.netset

func (*CommandPaths) FeedsDir

func (c *CommandPaths) FeedsDir() string

FeedsDir returns path to feeds data directory

func (*CommandPaths) GUIAddr

func (c *CommandPaths) GUIAddr() string

GUIAddr returns the GUI listen address

func (*CommandPaths) GeoIPDir

func (c *CommandPaths) GeoIPDir() string

GeoIPDir returns path to geoip data directory

func (*CommandPaths) GeoIPDownloadScript

func (c *CommandPaths) GeoIPDownloadScript() string

GeoIPDownloadScript returns path to geoip download script

func (*CommandPaths) GeoIPFile

func (c *CommandPaths) GeoIPFile(name string) string

GeoIPFile returns the path to a specific GeoIP file. Example: GeoIPFile("GR.zone") -> /var/lib/nftban/geoip/GR.zone

func (*CommandPaths) GeobanD

func (c *CommandPaths) GeobanD() string

GeobanD returns path to geoban.d directory

func (*CommandPaths) HealthScript

func (c *CommandPaths) HealthScript() string

HealthScript returns path to nftban_health.sh

func (*CommandPaths) HelperScript

func (c *CommandPaths) HelperScript(name string) string

HelperScript returns path to helper script

func (*CommandPaths) IsDDoSEnabled

func (c *CommandPaths) IsDDoSEnabled() bool

IsDDoSEnabled returns true if DDoS protection is enabled

func (*CommandPaths) IsFeedsEnabled

func (c *CommandPaths) IsFeedsEnabled() bool

IsFeedsEnabled returns true if threat feeds are enabled

func (*CommandPaths) IsGUIEnabled

func (c *CommandPaths) IsGUIEnabled() bool

IsGUIEnabled returns true if web GUI is enabled

func (*CommandPaths) IsGeoIPEnabled

func (c *CommandPaths) IsGeoIPEnabled() bool

IsGeoIPEnabled returns true if GeoIP is enabled

func (*CommandPaths) IsLoginMonitorEnabled

func (c *CommandPaths) IsLoginMonitorEnabled() bool

IsLoginMonitorEnabled returns true if login monitoring is enabled

func (*CommandPaths) IsMetricsEnabled

func (c *CommandPaths) IsMetricsEnabled() bool

IsMetricsEnabled returns true if metrics are enabled

func (*CommandPaths) IsPortscanEnabled

func (c *CommandPaths) IsPortscanEnabled() bool

IsPortscanEnabled returns true if portscan detection is enabled

func (*CommandPaths) IsSuricataEnabled

func (c *CommandPaths) IsSuricataEnabled() bool

IsSuricataEnabled returns true if Suricata integration is enabled

func (*CommandPaths) LibScript

func (c *CommandPaths) LibScript(subdir, script string) string

LibScript returns the path to a library script. Example: LibScript("core", "nftban_sync.sh") -> /usr/lib/nftban/core/nftban_sync.sh

func (*CommandPaths) LogFile

func (c *CommandPaths) LogFile(name string) string

LogFile returns path to a log file

func (*CommandPaths) MainConfig

func (c *CommandPaths) MainConfig() string

MainConfig returns path to main nftban.conf

func (*CommandPaths) MainLog

func (c *CommandPaths) MainLog() string

MainLog returns path to main nftban.log

func (*CommandPaths) MetricsBackend

func (c *CommandPaths) MetricsBackend() string

MetricsBackend returns the metrics backend type

func (*CommandPaths) MetricsDir

func (c *CommandPaths) MetricsDir() string

MetricsDir returns path to metrics data directory

func (*CommandPaths) MetricsJSON

func (c *CommandPaths) MetricsJSON() string

MetricsJSON returns path to JSON metrics file

func (*CommandPaths) NFTSetBlacklist

func (c *CommandPaths) NFTSetBlacklist(ipv4 bool) string

NFTSetBlacklist returns the blacklist set name for the given IP family

func (*CommandPaths) NFTSetGeoBlock

func (c *CommandPaths) NFTSetGeoBlock(ipv4 bool) string

NFTSetGeoBlock returns the geo block set name for the given IP family

func (*CommandPaths) NFTSetTempBan

func (c *CommandPaths) NFTSetTempBan(ipv4 bool) string

NFTSetTempBan returns the temp ban set name for the given IP family

func (*CommandPaths) NFTSetWhitelist

func (c *CommandPaths) NFTSetWhitelist(ipv4 bool) string

NFTSetWhitelist returns the whitelist set name for the given IP family

func (*CommandPaths) NFTTableIPv4

func (c *CommandPaths) NFTTableIPv4() string

NFTTableIPv4 returns the IPv4 table reference (e.g., "ip nftban")

func (*CommandPaths) NFTTableIPv6

func (c *CommandPaths) NFTTableIPv6() string

NFTTableIPv6 returns the IPv6 table reference (e.g., "ip6 nftban")

func (*CommandPaths) NFTablesScript

func (c *CommandPaths) NFTablesScript() string

NFTablesScript returns path to nftban_nftables.sh

func (*CommandPaths) PIDFile

func (c *CommandPaths) PIDFile() string

PIDFile returns path to PID file

func (*CommandPaths) PortsD

func (c *CommandPaths) PortsD() string

PortsD returns path to ports.d directory

func (*CommandPaths) PrometheusExporter

func (c *CommandPaths) PrometheusExporter() string

PrometheusExporter returns path to prometheus exporter

func (*CommandPaths) PrometheusFile

func (c *CommandPaths) PrometheusFile() string

PrometheusFile returns path to prometheus metrics file

func (*CommandPaths) ReportFile

func (c *CommandPaths) ReportFile(name string) string

ReportFile returns path to a report file

func (*CommandPaths) ReportsDir

func (c *CommandPaths) ReportsDir() string

ReportsDir returns path to reports directory

func (*CommandPaths) SetupScript

func (c *CommandPaths) SetupScript(name string) string

SetupScript returns path to setup script

func (*CommandPaths) SnapshotFile

func (c *CommandPaths) SnapshotFile(name string) string

SnapshotFile returns path to a snapshot file

func (*CommandPaths) SnapshotsDir

func (c *CommandPaths) SnapshotsDir() string

SnapshotsDir returns path to snapshots directory

func (*CommandPaths) SocketFile

func (c *CommandPaths) SocketFile() string

SocketFile returns path to socket file

func (*CommandPaths) StatsScript

func (c *CommandPaths) StatsScript() string

StatsScript returns path to nftban_stats.sh

func (*CommandPaths) SyncScript

func (c *CommandPaths) SyncScript() string

SyncScript returns path to nftban_sync.sh

func (*CommandPaths) TempFile

func (c *CommandPaths) TempFile(name string) string

TempFile returns path to a temp file in run directory

func (*CommandPaths) UIBin

func (c *CommandPaths) UIBin() string

UIBin returns path to nftban-ui Go binary

func (*CommandPaths) ValidatorScript

func (c *CommandPaths) ValidatorScript() string

ValidatorScript returns path to nftban_validator.sh

func (*CommandPaths) Version

func (c *CommandPaths) Version() string

Version returns NFTBan version string

func (*CommandPaths) WhitelistConfig

func (c *CommandPaths) WhitelistConfig() string

WhitelistConfig returns path to main whitelist.conf

func (*CommandPaths) WhitelistD

func (c *CommandPaths) WhitelistD() string

WhitelistD returns path to whitelist.d directory

type Config

// Config holds all NFTBan configuration from /etc/nftban/nftban.conf.
// Each field's trailing comment names the config variable it mirrors
// (e.g. NFTBAN_BIN -> Bin).
//
// NOTE(review): the struct carries credentials (GeoIPLicenseKey,
// GrafanaAPIKey) next to ordinary settings, and Get hands out a pointer to
// the cached value. Avoid printing the whole struct (%+v, JSON dumps) and
// confirm the config file's permissions are restricted accordingly.
type Config struct {
	// Version
	Version       string
	ConfigVersion string

	// Binary paths (from nftban.conf PATHS section)
	// NOTE(review): these name executables; how they are invoked is not shown
	// on this page. Confirm only trusted users can write the config file.
	Bin     string // NFTBAN_BIN - main CLI
	CoreBin string // NFTBAN_CORE_BIN - Go core binary
	UIBin   string // NFTBAN_UI_BIN - Web UI binary
	AuthBin string // NFTBAN_AUTH_BIN - Auth helper

	// Directory paths
	LibDir    string // NFTBAN_LIB_DIR
	ConfigDir string // NFTBAN_CONFIG_DIR
	DataDir   string // NFTBAN_DATA_DIR
	LogDir    string // NFTBAN_LOG_DIR
	CacheDir  string // NFTBAN_CACHE_DIR
	RunDir    string // NFTBAN_RUN_DIR

	// Feature flags
	MetricsEnabled          bool   // NFTBAN_METRICS_ENABLED
	MetricsBackend          string // NFTBAN_METRICS_BACKEND
	MetricsSamplingInterval int    // NFTBAN_METRICS_SAMPLING_INTERVAL (seconds)
	MetricsMaxSamples       int    // NFTBAN_METRICS_MAX_SAMPLES
	PrometheusDir           string // NFTBAN_PROMETHEUS_DIR (node_exporter textfile dir)
	MetricsPrometheusAddr   string // NFTBAN_METRICS_PROMETHEUS_ADDR
	MetricsNodeExporterAddr string // NFTBAN_METRICS_NODE_EXPORTER_ADDR
	MetricsVictoriaAddr     string // NFTBAN_METRICS_VICTORIA_ADDR
	GeoIPEnabled            bool   // NFTBAN_GEOIP_ENABLED
	GeoIPLicenseKey         string // NFTBAN_GEOIP_LICENSE_KEY - credential; keep out of logs and debug output
	FeedsEnabled            bool   // NFTBAN_FEEDS_ENABLED
	FeedsAutoUpdate         bool   // NFTBAN_FEEDS_AUTO_UPDATE
	SuricataEnabled         bool   // NFTBAN_SURICATA_ENABLED
	GUIEnabled              bool   // NFTBAN_GUI_ENABLED
	GUIAddr                 string // NFTBAN_GUI_ADDR - GUI listen address; NOTE(review): confirm the shipped default is not a wildcard bind
	PortscanEnabled         bool   // NFTBAN_PORTSCAN_ENABLED
	DDoSEnabled             bool   // NFTBAN_DDOS_ENABLED
	LoginMonitorEnabled     bool   // NFTBAN_LOGIN_MONITOR_ENABLED

	// Suricata settings
	SuricataEveLog              string // NFTBAN_SURICATA_EVE_LOG
	SuricataLogDir              string // NFTBAN_SURICATA_LOG_DIR
	SuricataBanThreshold        int    // NFTBAN_SURICATA_BAN_THRESHOLD
	SuricataScoreDecay          int    // NFTBAN_SURICATA_SCORE_DECAY
	SuricataCloudflareWhitelist bool   // NFTBAN_SURICATA_CLOUDFLARE_WHITELIST

	// Grafana settings
	GrafanaEnabled bool   // NFTBAN_GRAFANA_ENABLED
	GrafanaURL     string // NFTBAN_GRAFANA_URL
	GrafanaAPIKey  string // NFTBAN_GRAFANA_API_KEY - credential; keep out of logs and debug output

	// Logging
	LogLevel      string // NFTBAN_LOG_LEVEL
	ColorOutput   bool   // NFTBAN_COLOR_OUTPUT
	DebugTrace    bool   // NFTBAN_DEBUG_TRACE
	DebugTraceLog string // NFTBAN_DEBUG_TRACE_LOG

	// Distro config
	DistroConfDir string // NFTBAN_DISTRO_CONF_DIR
}

Config holds all NFTBan configuration from /etc/nftban/nftban.conf. Variable names match the bash config exactly (e.g., NFTBAN_BIN -> Bin).

func Get

func Get() *Config

Get returns the cached config (Load must be called first)

func Load

func Load() (*Config, error)

Load reads configuration from /etc/nftban/nftban.conf. This is called once at startup - the config is cached.

func MustLoad

func MustLoad() *Config

MustLoad loads config or panics - use in init()

type EndpointInfo

// EndpointInfo describes an API endpoint.
//
// NOTE(review): as far as this page shows, Auth and Admin are descriptive
// metadata. Confirm that request handling enforces access from this same
// table (or from GetAdminEndpoints/GetPublicEndpoints), so the documented
// and the enforced requirements cannot drift apart.
type EndpointInfo struct {
	Path        string   // URL path (relative to API prefix)
	Methods     []string // HTTP methods supported
	Description string   // Human-readable description
	Auth        bool     // Requires authentication
	Admin       bool     // Requires admin privileges
	Deprecated  bool     // Marked for deprecation
}

EndpointInfo describes an API endpoint

func AllEndpoints

func AllEndpoints() []EndpointInfo

AllEndpoints returns metadata for all API endpoints. Useful for documentation generation and OpenAPI specs.

type LockFiles

// LockFiles holds lock file paths for exclusive operations.
// NOTE(review): the directory these paths live in is not shown here; confirm
// it is writable only by the nftban service account, so another local user
// cannot pre-create or hold a lock.
type LockFiles struct {
	Sync        string // sync operations
	Feeds       string // feed updates
	Maintenance string // maintenance tasks
	GeoIP       string // geoip updates
}

LockFiles holds lock file paths for exclusive operations

func GetLockFiles

func GetLockFiles() *LockFiles

GetLockFiles returns lock file paths from central config

type LogCategory

// LogCategory names a log category; GetLogFile and LogPathForDate take one
// to select a log file path.
type LogCategory string

LogCategory represents different log categories

// Known log categories. LogCategory is a plain string type, so values other
// than these constants can be constructed by callers; how GetLogFile treats
// an unknown category is not visible on this page.
const (
	LogCategoryMain        LogCategory = "main"
	LogCategoryAudit       LogCategory = "audit"
	LogCategoryBans        LogCategory = "bans"
	LogCategoryPortscan    LogCategory = "portscan"
	LogCategoryDDoS        LogCategory = "ddos"
	LogCategoryLoginAlert  LogCategory = "login_alert"
	LogCategoryFeeds       LogCategory = "feeds"
	LogCategoryGeoban      LogCategory = "geoban"
	LogCategoryCron        LogCategory = "cron"
	LogCategoryMaintenance LogCategory = "maintenance"
	LogCategoryCLIErrors   LogCategory = "cli_errors"
	LogCategorySuricata    LogCategory = "suricata"
	LogCategoryDebug       LogCategory = "debug"
)

type LogFileInfo

// LogFileInfo holds metadata about a log file.
type LogFileInfo struct {
	Category    LogCategory // category the file belongs to
	Path        string      // path of the log file
	Description string      // human-readable description
	Rotation    string // logrotate frequency: daily, weekly, monthly
	Retain      int    // number of rotated files to keep
}

LogFileInfo holds metadata about a log file

func AllLogFiles

func AllLogFiles() []LogFileInfo

AllLogFiles returns information about all nftban log files

func SuricataLogFiles

func SuricataLogFiles() []LogFileInfo

SuricataLogFiles returns all Suricata-related log files

type NFTables

// NFTables holds nftables references, one per IP family: the table
// reference plus the blacklist, whitelist, temp-ban and geo-block set names.
// No chain-name field is exported on this page.
type NFTables struct {
	TableIPv4     string
	TableIPv6     string
	BlacklistIPv4 string
	BlacklistIPv6 string
	WhitelistIPv4 string
	WhitelistIPv6 string
	TempBanIPv4   string
	TempBanIPv6   string
	GeoBlockIPv4  string
	GeoBlockIPv6  string
}

NFTables references (table/chain/set names)

func GetNFT

func GetNFT() *NFTables

GetNFT returns NFTables references

type PIDFiles

// PIDFiles holds PID file paths, one per nftban process.
type PIDFiles struct {
	Main   string // nftban main process
	Daemon string // nftband daemon
	UI     string // nftban-ui web server
	UIAuth string // nftban-ui-auth daemon
}

PIDFiles holds PID file paths

func GetPIDFiles

func GetPIDFiles() *PIDFiles

GetPIDFiles returns PID file paths from central config

type Paths

// Paths holds derived paths (computed from the base paths in Config).
// The field groups below follow the base directory each set presumably
// hangs off (data, config, log, run) — the derivation itself is not shown.
type Paths struct {
	// Data subdirectories
	FeedsDir     string
	GeoIPDir     string
	MetricsDir   string
	SnapshotsDir string
	ReportsDir   string
	ExportsDir   string

	// Config subdirectories
	ConfD      string
	WhitelistD string
	BlacklistD string
	PortsD     string
	GeobanD    string
	DistrosD   string

	// Log files
	MainLog        string
	AuditLog       string
	BansLog        string
	PortscanLog    string
	DDoSLog        string
	LoginAlertLog  string
	FeedsLog       string
	GeobanLog      string
	CronLog        string
	MaintenanceLog string
	CLIErrorsLog   string

	// Suricata log files
	SuricataEveLog   string
	SuricataFastLog  string
	SuricataStatsLog string
	SuricataMainLog  string

	// Runtime files
	PIDFile    string
	SocketFile string

	// Metrics files
	PrometheusFile          string // nftban.prom
	PrometheusBandwidthFile string // nftban_bandwidth.prom
	MetricsJSON             string
}

Derived paths (computed from base paths)

func GetPaths

func GetPaths() *Paths

GetPaths returns derived paths

func MustLoadPaths

func MustLoadPaths() *Paths

MustLoadPaths loads the config and returns paths, or panics. NO FALLBACK - paths must come from /etc/nftban/nftban.conf.

type ServiceNames

// ServiceNames holds all systemd service/timer/socket unit names.
// Units marked "(external)" belong to other software that nftban integrates
// with; the rest are nftban's own.
type ServiceNames struct {
	// Main services
	MainService   string // nftban.service
	CoreService   string // nftban-core.service (Go daemon)
	UIService     string // nftban-ui.service
	UIAuthService string // nftban-ui-auth.service
	DaemonService string // nftband.service (unified daemon)

	// Timers
	SyncTimer        string // nftban-sync.timer
	MaintenanceTimer string // nftban-maintenance.timer
	FeedsTimer       string // nftban-feeds.timer
	GeoIPTimer       string // nftban-geoip.timer
	MetricsTimer     string // nftban-metrics.timer
	HealthTimer      string // nftban-health.timer

	// Detection services
	PortscanService string // nftban-portscan.service
	DDoSService     string // nftban-ddos.service
	LoginMonService string // nftban-loginmon.service
	SuricataService string // nftban-suricata.service

	// Integration services
	Fail2banService string // fail2ban.service (external)
	NFTablesService string // nftables.service (external)
	NodeExporter    string // node_exporter.service (external)
	Prometheus      string // prometheus.service (external)
	Grafana         string // grafana-server.service (external)
}

ServiceNames holds all systemd service/timer/socket unit names

func GetServices

func GetServices() *ServiceNames

GetServices returns the service names registry

type SocketPaths

// SocketPaths holds Unix socket paths used by nftban.
// NOTE(review): socket file mode and ownership are not visible on this page.
// Since a Unix socket's permissions decide which local users can connect,
// confirm they are set explicitly — the UIAuth socket in particular, as it
// fronts PAM authentication.
type SocketPaths struct {
	CLI     string // /run/nftban/nftban.sock - CLI communication
	Daemon  string // /run/nftban/nftband.sock - daemon socket
	UIAuth  string // /run/nftban-ui/auth.sock - PAM auth socket
	Metrics string // /run/nftban/metrics.sock - metrics socket
}

SocketPaths holds Unix socket paths used by nftban

func GetSockets

func GetSockets() *SocketPaths

GetSockets returns socket paths from central config

type Timeouts

// Timeouts holds the centralized timeouts for CLI command execution, in
// three tiers chosen by the kind of command being run.
type Timeouts struct {
	Fast   time.Duration // status, simple queries
	Medium time.Duration // ban, unban, search
	Slow   time.Duration // sync, health check, feed updates
}

Timeouts for CLI command execution (centralized)

func GetTimeouts

func GetTimeouts() *Timeouts

GetTimeouts returns command timeouts
