nftban-installer

command
v1.131.3 Latest
Warning

This package is not in the latest version of its module.
Published: May 26, 2026 License: MPL-2.0 Imports: 41 Imported by: 0

Documentation

Overview

=============================================================================
NFTBan v1.75 - nftban-installer - CLI flag parsing
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer-flags"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-04"
meta:description="CLI flag definitions and environment variable overrides"
meta:inventory.files="cmd/nftban-installer/flags.go"
meta:inventory.binaries=""
meta:inventory.env_vars="NFTBAN_TAKEOVER, NFTBAN_INSTALLER_LOG, NFTBAN_LIFECYCLE, NFTBAN_SOURCE_DIR"
meta:inventory.config_files=""
meta:inventory.systemd_units=""
meta:inventory.network=""
meta:inventory.privileges="none"
=============================================================================

=============================================================================
NFTBan v1.75 - nftban-installer - RPM/DEB install finalizer
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-04"
meta:description="Go-based RPM/DEB install finalizer replacing shell postinst"
meta:inventory.files="/usr/lib/nftban/bin/nftban-installer"
meta:inventory.binaries="nftban-installer"
meta:inventory.env_vars="NFTBAN_TAKEOVER, NFTBAN_INSTALLER_LOG"
meta:inventory.config_files="/etc/nftban/nftban.conf"
meta:inventory.systemd_units=""
meta:inventory.network=""
meta:inventory.privileges="root"
=============================================================================

=============================================================================
NFTBan v1.76.0 - nftban-installer - Phase Implementations
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer-phases"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-04"
meta:description="Phase implementations wiring detect/render/switchop/services/validate"
meta:inventory.files="cmd/nftban-installer/phases.go"
meta:inventory.binaries=""
meta:inventory.env_vars=""
meta:inventory.config_files=""
meta:inventory.systemd_units=""
meta:inventory.network=""
meta:inventory.privileges="root"
=============================================================================

=============================================================================
NFTBan v1.100 PR-24 — Restore Policy Decision Dispatcher
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer-restore-decide"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-20"
meta:description="--mode=restore dispatcher: gather inputs, call Decide, transition state"
meta:inventory.files="cmd/nftban-installer/restore_decide.go"
meta:inventory.binaries=""
meta:inventory.env_vars=""
meta:inventory.config_files=""
meta:inventory.systemd_units=""
meta:inventory.network=""
meta:inventory.privileges="root"
=============================================================================

This dispatcher is the ONLY entry into the PR-24 restoration policy decision engine. Reached only when cfg.mode == "restore" (flags.go rejects any incompatible flag combination at parse time).

Responsibilities:

  1. Classify current authority (via uninstall.Classify).
  2. Probe prior-authority record (via uninstall.Probe).
  3. Reduce probe result + freshness window into a restore.PriorState.
  4. Detect panel context (via detect.DetectPanel).
  5. Assemble restore.DecisionInput.
  6. Call restore.Decide — pure, no side effects.
  7. Log structured decision-path record.
  8. Transition state file to the terminal (Refused / IntentRequired) or non-terminal handoff (Decided) state.
  9. Return the correct exit code.

Hard discipline: NO kernel / service / filesystem mutation beyond the state-file write that Transition() performs. NO history entry (Option A continues; main.go's writeHistory gate plus IsApplyTerminal=false for all three restore states closes the write path defensively).

=============================================================================

=============================================================================
NFTBan v1.100 Amendment 2 — Orphan-NFTBan restore evidence reader
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer-restore-decide-evidence"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-28"
meta:description="§54.1 read-only evidence predicate for the G1 orphan-intent split"
meta:inventory.files="cmd/nftban-installer/restore_decide_evidence.go"
meta:inventory.binaries=""
meta:inventory.env_vars=""
meta:inventory.config_files=""
meta:inventory.systemd_units=""
meta:inventory.network=""
meta:inventory.privileges="root"
=============================================================================

Amendment 2 (contract.md §§52–61) defines a 13-row evidence predicate (§54.1) that gates the G1/AuthorityNFTBan/OrphanProceed sub-rule. This file implements the predicate as a pure read-only reader against the live host state.

Discipline:

  • Read-only only. NO mutating systemctl verbs (start/stop/enable/disable/mask/unmask/restart/daemon-reload). NO file writes. NO nft mutation. NO iptables introspection (preserves §51.3 Option B).
  • Read failures map to false on the failing row, NOT to REQUIRE_EXPLICIT_INTENT (§54.2 final bullet).
  • Caller (`runRestoreDecide`) invokes this only when the candidate triple is present, to avoid unnecessary live reads.

=============================================================================

=============================================================================
NFTBan v1.100 PR-23 — Uninstall Apply Dispatcher
=============================================================================
SPDX-License-Identifier: MPL-2.0
meta:name="nftban-installer-uninstall-apply"
meta:type="cmd"
meta:owner="Antonios Voulvoulis <contact@nftban.com>"
meta:created_date="2026-04-20"
meta:description="--mode=uninstall --confirm-mutation dispatcher: preflight + Apply + state transition"
meta:inventory.files="cmd/nftban-installer/uninstall_apply.go"
meta:inventory.binaries=""
meta:inventory.env_vars=""
meta:inventory.config_files=""
meta:inventory.systemd_units="nftband.service"
meta:inventory.network=""
meta:inventory.privileges="root"
=============================================================================

This dispatcher is the ONLY entry into uninstall mutation. Reached only when:

cfg.mode             == "uninstall"  AND
cfg.confirmMutation  == true         AND
cfg.dryRun           == false

(flags.go rejects any other combination at parse time.)
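
The parse-time gate described above, which the restore dispatcher also relies on, sketched as an added example; this is not the project's flags.go. `--mode` and `--confirm-mutation` come from the page, while the `--dry-run` spelling, the `install` default and the exact rejection rules are assumptions.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"os"
)

type config struct {
	mode            string
	confirmMutation bool
	dryRun          bool
}

// parseFlags fails closed: any rejected combination returns a zero config.
// Assumed here: the --dry-run spelling, the "install" default, the rules.
func parseFlags(args []string) (config, error) {
	var cfg config
	fs := flag.NewFlagSet("installer-sketch", flag.ContinueOnError)
	fs.StringVar(&cfg.mode, "mode", "install", "install|uninstall|restore")
	fs.BoolVar(&cfg.confirmMutation, "confirm-mutation", false, "permit mutation")
	fs.BoolVar(&cfg.dryRun, "dry-run", false, "report only")
	if err := fs.Parse(args); err != nil {
		return config{}, err
	}
	switch {
	case cfg.mode != "install" && cfg.mode != "uninstall" && cfg.mode != "restore":
		return config{}, fmt.Errorf("unknown --mode %q", cfg.mode)
	case cfg.confirmMutation && cfg.mode != "uninstall":
		return config{}, errors.New("--confirm-mutation requires --mode=uninstall")
	case cfg.confirmMutation && cfg.dryRun:
		return config{}, errors.New("--confirm-mutation conflicts with --dry-run")
	}
	return cfg, nil
}

// mutationAllowed is the only predicate that opens the mutating path.
func mutationAllowed(cfg config) bool {
	return cfg.mode == "uninstall" && cfg.confirmMutation && !cfg.dryRun
}

func main() {
	cfg, err := parseFlags(os.Args[1:])
	if err != nil {
		fmt.Fprintln(os.Stderr, "refused:", err)
		os.Exit(2)
	}
	fmt.Println("mode:", cfg.mode, "mutation allowed:", mutationAllowed(cfg))
}
```

Returning a zero config on every rejection means a caller that ignores the error still cannot satisfy the mutation predicate.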

Responsibilities:

  1. Detect SSH port (reused from install-side detect package).
  2. Classify current authority (via uninstall.Classify).
  3. Preflight refusal for non-recoverable states; proceed for AuthorityNFTBan or recoverable AuthorityAmbiguous+OrphanNFTBan.
  4. Invoke uninstall.Apply for the mutation sequence.
  5. Transition the state file to the Apply result's terminal state.

Emergency SSH: Apply handles the entire inject/validate/remove cycle internally. The dispatcher never touches the kernel directly.

History: intentionally NOT written for uninstall mode. main.go's writeHistory guard excludes cfg.mode=="uninstall" (Option A locked 2026-04-20). Uninstall events are forensically visible only in the installer log until a dedicated uninstall-history schema lands in a later PR.

=============================================================================
