Go to file
Your Name 9866774da8 fix
2024-09-25 14:27:07 -06:00
modules fix 2024-09-25 14:27:07 -06:00
bots.txt fix 2024-09-23 22:17:27 -06:00
crawlers.txt fix 2024-09-23 22:17:27 -06:00
firewall.service fix 2024-09-23 22:08:38 -06:00
firewall.sh fiux 2024-09-25 14:17:42 -06:00
ipv4-filter.nft fix 2024-09-24 11:50:24 -06:00
ipv6-filter.nft fix 2024-09-24 11:50:24 -06:00
nft.rules fix 2024-09-24 17:44:34 -06:00
ReadMe.md fix 2024-09-25 13:52:17 -06:00
safe.txt fix 2024-09-23 22:17:27 -06:00

What is it?

A simple NFT firewall manager with DDOS protection. Written in Bash.

Features

  • Web Crawler Detection and Blocker
  • Easily Configure NFT
  • Support for WireGuard NFT rules
  • Automatic IP blocking for DDOS attacks
  • Easily add custom DDOS modules to protect against attacks
  • Automatic Rate-limiting for HTTP/HTTPS Connections if under attack
  • Interactive Menu-driven User Experience
  • Includes thousands of Web Crawler IP's ready to block!

Prerequisites

  1. NFT
  2. Redis

Install

  • cd /opt
  • git clone https://git.poster.place/verita84/firewall
  • cp firewall.service /etc/systemd/system
  • systemctl enable --now firewall

Configure Redis Schema

bash firewall.sh import-db

Configure firewall.sh

  • Edit the portConfig variables to allow ports
  • Modify NGINX_ACCESS to point to your NGINX config file.

I recommend keeping the NGINX_ACCESS log in /tmp mounted via TMPFS to reduce writes on your SSD and so the script can quickly scan the file.

Add Detection by the Minute via Cron

*/1 * * * * bash /opt/firewall/firewall.sh attacker-protection
00 00 * * * bash /opt/firewall/firewall.sh export-db

Per the above, new attacks are searched every minute and temp blocks are forgiven every 5 minutes. The Redis DB is exported at midnight.

Accessing the Menu

bash firewall.sh

Custom Modules

  • There are a few custom function modules to protect against certain DDOS attacks and they are named module-foo().
  • Modules can be loaded by adding them to the attacker-protection() or watch() functions as needed