nftban

v1.136.1 Latest
Published: May 27, 2026 | License: MPL-2.0 | Imports: 0 | Imported by: 0

README

NFTBan

Linux Intrusion Prevention System & nftables Firewall Manager


NFTBan is an open-source Linux Intrusion Prevention System (IPS) and firewall manager built on nftables, designed to integrate cleanly with modern Linux security stacks.

All packet decisions (accept, drop, bypass) are enforced in the kernel by nftables. The Go daemon writes to kernel sets, the Go validator derives health from kernel state, and the CLI presents that kernel-derived truth.

What NFTBan Provides
  • nftables-native enforcement with kernel-managed timeouts
  • Threat feed ingestion with CIDR aggregation
  • Country blocking via GeoIP (DB-IP Lite default)
  • Login brute-force detection across SSH, mail, FTP, panel services
  • Port scan detection (classic + Suricata modes)
  • L3/L4 rate limiting and connection limits
  • HTTP bot classification with 6 dedicated kernel sets
  • Optional Suricata DPI integration (EVE JSON)
  • 4-axis health model with kernel-derived truth validator
  • Atomic nftables schema rebuild (validate before load)
  • 5-phase installer with emergency SSH table

Truth Authority

| Priority | Component | Role |
|---|---|---|
| 1 | Kernel (nft list ruleset) | What is actually enforcing |
| 2 | Validator (nftban-validate) | Derives health from kernel evidence |
| 3 | CLI (nftban) | Presents validator output to operator |
| 4 | Config (/etc/nftban/) | Operator intent (not runtime truth) |

When sources disagree, kernel wins.


Evidence Model

NFTBan derives protection state from kernel-observable evidence:

| Evidence | Meaning | Strength |
|---|---|---|
| Counter > 0 | Packet processing observed | Strong |
| Set membership > 0 | State present in kernel | Strong |
| Structure exists | Rules/chains present | Weak (presence only) |
| Journal event | External event (daemon/logs) | Context-dependent |

Interpretation rules:

  • Counter > 0 = positive evidence of enforcement
  • Counter = 0 = neutral (not a failure)
  • Structure alone does not imply enforcement
  • Absence of evidence is not evidence of absence
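
The grading rules above can be applied directly to the JSON that `nft -j list ruleset` prints. The following Go program is an added example, not NFTBan code and not how nftban-validate is implemented; the table, chain, set and counter names in the embedded sample are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample shaped like `nft -j list ruleset` output. Table, chain,
// set and counter names are placeholders, not NFTBan's real schema.
const sampleRuleset = `{"nftables":[
 {"metainfo":{"json_schema_version":1}},{"table":{"family":"inet","name":"demo","handle":1}},
 {"chain":{"family":"inet","table":"demo","name":"input","handle":2}},
 {"set":{"family":"inet","table":"demo","name":"banned4","type":"ipv4_addr",
  "elem":["192.0.2.10",{"elem":{"val":"198.51.100.7","timeout":3600,"expires":1200}}]}},
 {"set":{"family":"inet","table":"demo","name":"scanners4","type":"ipv4_addr"}},
 {"counter":{"family":"inet","table":"demo","name":"syn_flood","packets":42,"bytes":2520}},
 {"counter":{"family":"inet","table":"demo","name":"udp_flood","packets":0,"bytes":0}},
 {"rule":{"family":"inet","table":"demo","chain":"input","handle":7,"expr":[
  {"match":{"op":"==","left":{"payload":{"protocol":"ip","field":"saddr"}},"right":"@banned4"}},
  {"counter":{"packets":0,"bytes":0}},{"drop":null}]}}]}`

// Evidence is one kernel observation graded by the evidence table above.
type Evidence struct {
	Kind, Name string // Kind is "counter", "set" or "structure"
	Value      uint64 // packets for counters, element count for sets
	Strength   string // "strong", "weak" or "neutral"
}

// object holds the fields read here from any entry of the "nftables" array.
type object struct {
	Name    string                       `json:"name"`
	Chain   string                       `json:"chain"`
	Packets uint64                       `json:"packets"`
	Elem    []json.RawMessage            `json:"elem"`
	Expr    []map[string]json.RawMessage `json:"expr"`
}

// grade: value > 0 is strong, a zero counter is neutral, an empty set is weak.
func grade(kind, name string, v uint64) Evidence {
	s := "weak" // structure present, nothing observed
	if v > 0 {
		s = "strong"
	} else if kind == "counter" {
		s = "neutral"
	}
	return Evidence{Kind: kind, Name: name, Value: v, Strength: s}
}

// Collect parses nft JSON and returns graded evidence in ruleset order.
func Collect(raw []byte) ([]Evidence, error) {
	var doc struct {
		Nftables []map[string]object `json:"nftables"`
	}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, fmt.Errorf("parse nft JSON: %w", err)
	}
	var out []Evidence
	for _, entry := range doc.Nftables {
		for kind, o := range entry {
			switch kind {
			case "counter": // named counter object
				out = append(out, grade("counter", o.Name, o.Packets))
			case "set":
				out = append(out, grade("set", o.Name, uint64(len(o.Elem))))
			case "chain": // presence only
				out = append(out, grade("structure", "chain "+o.Name, 0))
			case "rule":
				for _, stmt := range o.Expr {
					var c object
					// A {"counter":"name"} reference is a JSON string and fails to
					// decode; the named counter object is graded on its own.
					if b, ok := stmt["counter"]; ok && json.Unmarshal(b, &c) == nil {
						out = append(out, grade("counter", "rule in "+o.Chain, c.Packets))
					}
				}
			}
		}
	}
	return out, nil
}

// Tally counts evidence per strength; zero strong entries is not a failure.
func Tally(ev []Evidence) map[string]int {
	t := map[string]int{}
	for _, e := range ev {
		t[e.Strength]++
	}
	return t
}

func main() {
	ev, err := Collect([]byte(sampleRuleset))
	if err != nil {
		panic(err)
	}
	for _, e := range ev {
		fmt.Printf("%-9s %-14s %3d %s\n", e.Kind, e.Name, e.Value, e.Strength)
	}
}
```

On a live host the same function can be fed the output of `nft -j list ruleset`, which requires root.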

Protection Modules

| Module | Layer | Evidence | Daemon |
|---|---|---|---|
| DDoS Protection | L3/L4 | 5 dedicated kernel counters | NO |
| BotGuard | L7 HTTP | 6 dedicated kernel sets | YES |
| Portscan Detection | L3/L4 | Structure only (no counter) | NO |
| Login Monitoring | L2 Auth | Journal + shared sets | YES |
| Blacklist & Feeds | L1 IP | Shared sets + counters | Partial |
| Suricata IDS | L7 DPI | EVE JSON (external) | YES |
| DNS Tunnel | Advisory | DNS analysis (non-blocking) | YES |

Quick Install

Tier 0 — Primary Platforms

Ubuntu 24.04 LTS (Noble)

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-ubuntu24.04-amd64.deb
    sudo apt install -y ./nftban-ubuntu24.04-amd64.deb

Debian 12 (Bookworm)

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-debian12-amd64.deb
    sudo apt install -y ./nftban-debian12-amd64.deb

Rocky / AlmaLinux / RHEL 9

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-el9-x86_64.rpm
    sudo dnf install -y ./nftban-el9-x86_64.rpm

Tier 1 — Future Platforms

Debian 13 (Trixie)

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-debian13-amd64.deb
    sudo apt install -y ./nftban-debian13-amd64.deb

Rocky / AlmaLinux / RHEL 10

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-el10-x86_64.rpm
    sudo dnf install -y ./nftban-el10-x86_64.rpm

Tier 2 — Legacy Platforms

Ubuntu 22.04 LTS (Jammy)

    wget https://github.com/itcmsgr/nftban/releases/latest/download/nftban-ubuntu22.04-amd64.deb
    sudo apt install -y ./nftban-ubuntu22.04-amd64.deb

Available Packages

RPM Packages (EL Family)

| Tier | Distribution | Version | Package |
|---|---|---|---|
| 0 | Rocky / Alma / RHEL / CentOS Stream | 9 | nftban-el9-x86_64.rpm |
| 1 | Rocky / Alma / RHEL / CentOS Stream | 10 | nftban-el10-x86_64.rpm |

DEB Packages (Ubuntu + Debian)

| Tier | Distribution | Version | Package |
|---|---|---|---|
| 0 | Ubuntu | 24.04 (Noble) | nftban-ubuntu24.04-amd64.deb |
| 0 | Debian | 12 (Bookworm) | nftban-debian12-amd64.deb |
| 1 | Debian | 13 (Trixie) | nftban-debian13-amd64.deb |
| 2 | Ubuntu | 22.04 (Jammy) | nftban-ubuntu22.04-amd64.deb |

Packages are distro-specific and FHS compliant. Use the package matching your exact distribution version. See Supported Platforms for the full platform contract.


Quick Start

# Check system health (kernel-derived truth)
nftban health

# Check validator output directly
nftban-validate --json

# Enable modules
nftban ddos enable
nftban portscan enable
nftban botguard enable
nftban login enable
nftban geoban enable

# Common operations
nftban ban 1.2.3.4
nftban unban 1.2.3.4
nftban status

Health States

| State | Meaning | Exit |
|---|---|---|
| PROTECTED | All axes pass, system capable of enforcement | 0 |
| IDLE | All axes pass, no relevant traffic | 0 |
| DEGRADED | One or more axes fail | 1 |
| DOWN | Critical failure | 2 |

nftban health           # 4-axis truth table
nftban-validate --json  # full validator output

Validator Scope

The validator is kernel-first and derives truth from observable evidence. Kernel-resident evidence (counters, sets, chains) is authoritative for enforcement state. Some module-specific runtime evidence may come from bounded daemon or journal observations where defined by the module contract.

Current scope boundaries:

  • Portscan: no dedicated kernel counter — enforcement cannot be proven
  • LoginMon: journal-based evidence — may enforce while validator reports IDLE
  • Blacklist: shared counters — per-source attribution not possible from kernel

The validator reports observable truth, not complete system behavior.


Architecture

Kernel (nftables)     ← packet decisions enforced here
  ↑ reads
Go validator          ← derives health state
  ↑ reads
CLI (nftban)          ← presents to operator
  ↑ reads
Config (/etc/nftban/) ← operator intent

| Component | Type | Purpose |
|---|---|---|
| nftban | Shell CLI | Operator interface, schema generation |
| nftband | Go daemon | Ban execution, loginmon, BotGuard scoring |
| nftban-validate | Go binary | Read-only kernel truth validator (~1ms) |

Core Invariants

The following rules define NFTBan behavior:

  1. Kernel is the only enforcement authority
  2. Validator derives truth from kernel state
  3. CLI presents validator output only
  4. Configuration expresses intent, not runtime state
  5. Shared evidence cannot be used for attribution

These invariants are enforced by validation logic and CI gates.


Metrics and Observability

The daemon exposes runtime metrics on http://127.0.0.1:9580/metrics (localhost only, Prometheus text exposition format). This is the canonical runtime metrics surface. As of v1.89, the evidence layer reads all kernel data from the validator — no duplicate nft queries.

The watchdog subsystem provides adaptive resource control. It monitors process, Go runtime, and kernel metrics, and adjusts operating mode (NORMAL → DEGRADED → SURVIVAL) based on memory and CPU pressure. Server profile detection (Small/Medium/Large) automatically tunes memory budgets and CIDR limits based on available RAM.


Go Module Notice

NFTBan is a system-level firewall product, not a general-purpose Go library.

Supported Public Packages
| Package | Purpose |
|---|---|
| pkg/ipc | IPC client for daemon communication |
| pkg/version | Version information |

All packages under internal/ are implementation details.


Requirements

  • Linux: Rocky/Alma/RHEL 9-10, Ubuntu 22.04+, Debian 12+
  • nftables: 1.0+
  • Bash: 4.4+
  • systemd: 252+
  • jq: JSON processor
  • Go 1.24+: For building from source (optional)

Security

SLSA Level 3 provenance, 9 automated security tools (CodeQL, OSV-Scanner, gitleaks, Trivy, gosec, ShellCheck, Semgrep, Fuzz, Dependency Review), SBOM with every release, all GitHub Actions SHA-pinned.

See SECURITY.md for vulnerability reporting and full pipeline details.


Documentation

| Section | Link |
|---|---|
| Wiki Home | Complete documentation |
| Architecture | System design + truth model |
| Health Model | 4-axis derivation |
| CLI Reference | All commands + trust levels |
| Glossary | Canonical terminology |
| Known Limitations | Validator scope per module |
| Installation | Install guide |

License

NFTBan Core is licensed under the Mozilla Public License 2.0 (MPL-2.0).

Copyright (c) 2024-2026 NFTBan Project / Antonios Voulvoulis

MPL-2.0 is file-level copyleft: you may use, modify, and distribute freely. Modified MPL files must remain open. Your own separate code is unaffected.

| Layer | License |
|---|---|
| Core engine | MPL-2.0 |
| Pro portal | Commercial |
| Brand assets | All rights reserved |

See LICENSE for full text. "NFTBan" is a trademark — forks must use a different name. See TRADEMARK.md.



Documentation

Overview

Package nftban is a system-level nftables IPS firewall.

NFTBan is a production firewall product consisting of a daemon (nftband), CLI engine (nftban-core), and shell framework. It is NOT a general-purpose Go library or embeddable SDK.

For Go Developers

If you want to interact with a running NFTBan daemon from Go code, use the IPC client package:

import "github.com/itcmsgr/nftban/pkg/ipc"

client := ipc.NewClient()
resp, err := client.Ban("192.168.1.100", 0, "reason", "source")

All other packages are internal implementation details and should not be imported directly. They may change without notice between releases.

Product Documentation

For installation, configuration, and usage documentation, visit: https://github.com/itcmsgr/nftban/wiki

Directories

Path Synopsis
cmd
nftban-core command
nftban-installer command
============================================================================= NFTBan v1.75 - nftban-installer - CLI flag parsing ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="nftban-installer-flags" meta:type="cmd" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="CLI flag definitions and environment variable overrides" meta:inventory.files="cmd/nftban-installer/flags.go" meta:inventory.binaries="" meta:inventory.env_vars="NFTBAN_TAKEOVER, NFTBAN_INSTALLER_LOG, NFTBAN_LIFECYCLE, NFTBAN_SOURCE_DIR" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
nftban-validate command
============================================================================= NFTBan v1.78 - Kernel Validator Command ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="nftban-validate" meta:type="cmd" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-05" meta:description="Production kernel validator binary for CLI integration" meta:inventory.files="cmd/nftban-validate/main.go" meta:inventory.binaries="nftban-validate" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
nftband command
validate-test command
============================================================================= NFTBan v1.78 - Validator Test Command ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="validate-test" meta:type="cmd" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-05" meta:description="Test command for kernel validator" meta:inventory.files="cmd/validate-test/main.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
internal
analytics
Package analytics provides efficient batch operations for report generation
banlog
SPDX-License-Identifier: MPL-2.0 Copyright (c) 2025 Antonios Voulvoulis <contact@nftban.com>
constants
============================================================================= NFTBan v1.96.0 - Centralized Binary Path Constants ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="constants/paths" meta:type="package" meta:version="1.96.0" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:description="Centralized binary path constants for internal tools" meta:inventory.files="paths.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
feeds
Package feeds handles threat intelligence feed processing for NFTBan.
installer/audit
============================================================================= NFTBan v1.100 PR-22B — Lifecycle Purity Audit Harness ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-audit-harness" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-19" meta:description="Reusable purity-check helpers for dry-run / observational paths" meta:inventory.files="internal/installer/audit/harness.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
installer/authority
============================================================================= NFTBan v1.73 - Installer Authority Classification ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-authority-classify" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Authority decision tree: UPDATE/TAKEOVER/FRESH/ABORT/AMBIGUOUS" meta:inventory.files="internal/installer/authority/classify.go" meta:inventory.binaries="" meta:inventory.env_vars="NFTBAN_TAKEOVER, NFTBAN_PANEL_AUTO_TAKEOVER" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/deps
============================================================================= NFTBan v1.76.0 - Installer Dependency Auto-Install ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-deps" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-05" meta:description="Auto-install missing dependencies during postinst (dpkg lock released)" meta:inventory.files="internal/installer/deps/deps.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/detect
============================================================================= NFTBan v1.73 - Installer Conflict Detection (PR-P2-2: thin adapter over extfw) ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-detect-conflicts" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Conflicting firewall detection (services + ghost nft tables)" meta:inventory.files="internal/installer/detect/conflicts.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/executor
============================================================================= NFTBan v1.73 - Installer Executor Interface ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-executor" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Executor interface abstracting system commands for testability" meta:inventory.files="internal/installer/executor/executor.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
installer/extfw
============================================================================= NFTBan v1.100 PR-P2-2 — External-Firewall Detection (Unified) ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-extfw-detect" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-20" meta:description="Single source of truth for external-firewall detection across install/update/uninstall" meta:inventory.files="internal/installer/extfw/detect.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/fhs
============================================================================= NFTBan v1.76 - Installer FHS Path Constants ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-fhs-paths" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="FHS-compliant path constants matching fhs-spec.yaml" meta:inventory.files="internal/installer/fhs/paths.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
installer/history
============================================================================= NFTBan v1.73 - Installer Update History Writer ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-history" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="JSON update history compatible with nftban update history --json" meta:inventory.files="internal/installer/history/history.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="/var/lib/nftban/update-history.json" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/logging
============================================================================= NFTBan v1.73 - Installer Dual Logger ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-logger" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Dual console+file logger for installer output" meta:inventory.files="internal/installer/logging/logger.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="/var/log/nftban/installer.log" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/render
============================================================================= NFTBan v1.73 - Installer Config Persistence ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-render-config" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Persist SSH port and config values to conf.local and state" meta:inventory.files="internal/installer/render/config.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="/etc/nftban/nftban.conf.local" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/restore
============================================================================= NFTBan v1.100 PR-24 — Authority Restoration Policy Decision Engine ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-restore-engine" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-20" meta:description="Pure decision engine for PR-24 restoration policy (lattice per seed §6)" meta:inventory.files="internal/installer/restore/engine.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
installer/services
============================================================================= NFTBan v1.73 - Installer Stale File Cleanup ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-services-cleanup" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Remove stale files, polkit rules, and legacy units from prior versions" meta:inventory.files="internal/installer/services/cleanup.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/state
============================================================================= NFTBan v1.73 - Installer State File I/O ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-state-file" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="State file struct, atomic write, read, transition persistence" meta:inventory.files="internal/installer/state/file.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="/var/lib/nftban/state/install_state" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/switchop
============================================================================= NFTBan v1.75.1 - Installer nftables Service Enable ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-switchop-enable" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Enable and start nftables service with xt-compat pre-check" meta:inventory.files="internal/installer/switchop/enable.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="nftables.service" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/uninstall
============================================================================= NFTBan v1.100 PR-23 — Uninstall Mutation Phase 1 (Authority Release Core) ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-uninstall-apply" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-20" meta:description="Authority release core — PR-23 uninstall mutation orchestrator" meta:inventory.files="internal/installer/uninstall/apply.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="nftband.service" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
installer/validate
============================================================================= NFTBan v1.73 - Installer Post-Install Assertions ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="installer-validate-assertions" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-04" meta:description="Post-install kernel + service + state assertions" meta:inventory.files="internal/installer/validate/assertions.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="root" =============================================================================
loginmon/distroconf
============================================================================= NFTBan v1.79.2 - distroconf reader (BUG-15) ============================================================================= SPDX-License-Identifier: MPL-2.0 Package: distroconf Purpose: Read /etc/nftban/distros/<distro>.conf and expose [paths] as the
loginmon/pipeline
Package pipeline contains the v1.80 Go detection pipeline foundation.
loginmon/pipeline/aggregate
Package aggregate implements the v1.80 aggregation layer.
loginmon/pipeline/dedup
Package dedup provides a bounded LRU sieve that suppresses duplicate events.
loginmon/pipeline/event
Package event defines the canonical data types passed through the v1.80 detection pipeline.
loginmon/pipeline/normalize
Package normalize canonicalizes NormalizedEvent fields so downstream stages (dedup, aggregate) operate on stable, comparable values.
loginmon/pipeline/parser/directadmin
Package directadmin implements a Parser for DirectAdmin's login.log format.
loginmon/pipeline/parser/dovecot
Package dovecot implements a Parser for Dovecot imap-login/pop3-login auth-failed lines.
loginmon/pipeline/parser/exim
Package exim implements a Parser for Exim mainlog auth-failure lines.
loginmon/pipeline/runtime
Package runtime is the composition root of the v1.80 pipeline.
loginmon/pipeline/source
Package source defines the Source abstraction for the v1.80 pipeline.
loginmon/pipeline/watcher
Package watcher defines the file-tailing abstraction for the v1.80 pipeline.
logx
Package logx provides structured logging wrappers for NFTBan. This centralizes log prefixes and makes future enhancements (JSON logs, levels) easier.
metrics
Package metrics provides efficient metrics collection for NFTBan. This collector replaces slow bash-based metrics with a fast Go implementation.
netutil
Package netutil provides network utility functions for NFTBan. It centralizes IP address handling, whitelist checking, and CIDR operations.
nftbackend
Package nftbackend provides the core interface to nftables operations.
safeconv
Package safeconv provides safe integer conversion functions that check bounds before converting between integer types, preventing silent overflow bugs.
safety
Package safety provides protection mechanisms to prevent self-lockout and ensure system stability during firewall operations.
setsync
Package setsync provides efficient synchronization of IP sets with nftables.
system
Package system provides unified system lookup utilities
testutil
Package testutil provides shared test utilities and fixtures for NFTBan tests.
timeutil
SPDX-License-Identifier: MPL-2.0 Copyright (c) 2025 Antonios Voulvoulis <contact@nftban.com>
util
SPDX-License-Identifier: MPL-2.0 Copyright (c) 2025 Antonios Voulvoulis <contact@nftban.com>
validator
============================================================================= NFTBan v1.78 - Validator CLI Helpers ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="validator-cli" meta:type="lib" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:created_date="2026-04-05" meta:description="CLI output helpers for the validator" meta:inventory.files="internal/validator/cli.go" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
watchdog
============================================================================= NFTBan v1.0 - Dynamic Watchdog Package ============================================================================= SPDX-License-Identifier: MPL-2.0 meta:name="doc" meta:type="package" meta:version="1.0.0" meta:owner="Antonios Voulvoulis <contact@nftban.com>" meta:description="Package documentation for NFTBan watchdog system" meta:inventory.files="" meta:inventory.binaries="" meta:inventory.env_vars="" meta:inventory.config_files="" meta:inventory.systemd_units="" meta:inventory.network="" meta:inventory.privileges="none" =============================================================================
pkg
ipc
Package ipc provides inter-process communication for the NFTBan daemon architecture.
