Skip to content

Releases: SysopNetwork/BBSFirewall

BBSFirewall v1.1.1

Choose a tag to compare

@laudenbachm laudenbachm released this 28 May 04:34

BBSFirewall v1.1.1

Bug Fix

Fixed PROXY Protocol header ordering for fast-connecting clients

Clients such as fTelnet and MuffTerm send telnet negotiation bytes immediately on TCP connect. These bytes could reach the backend BBS before the PROXY Protocol header, causing the raw header text to appear on the user's terminal instead of being silently consumed by the backend module.

Root cause: The client data handler was registered before the backend connection was established, allowing buffered client writes to race with the PROXY header write in the connect callback.

Fix: The client socket (telnet) and SSH stream are now paused before the backend connection is initiated, and resumed only after the PROXY Protocol header has been written. This guarantees the header is always the first data in the backend stream regardless of how quickly the client sends.

Files changed: proxy.js, ssh.js

BBSFirewall v1.1.0

Choose a tag to compare

@laudenbachm laudenbachm released this 25 May 01:13

BBSFirewall v1.1.0

First public release by Sysop Network.

Built on the foundation of bbsfw by Ryan Fantus.


What''s included

  • TCP Proxy — Forwards telnet connections to a backend BBS server
  • SSH Server — Encrypted SSH access proxied to the telnet backend, legacy cipher support for old clients
  • HTTPS Redirect — HTTP (port 80) and HTTPS (port 443) redirect to a configured URL
  • Let''s Encryptsetup-certs.sh for cert setup and auto-renewal with no downtime
  • PROXY Protocol v1 — Passes the real client IP to the backend BBS (configurable on/off)
  • Country Blocking — Block by country using a local MaxMind GeoLite2 database
  • IP Whitelist / Blocklist — Per-IP and CIDR range support
  • Rate Limiting — Flood protection with configurable window and block duration
  • Per-IP Connection Limit — Cap simultaneous connections from a single IP
  • Encoding Detection — UTF-8/CP437 auto-detection for SSH clients, separate backend routing
  • Graceful Shutdown — Active sessions drain cleanly on SIGTERM/SIGINT
  • PM2 Readyecosystem.config.js included for production process management

Getting started

git clone https://github.com/SysopNetwork/BBSFirewall.git
cd BBSFirewall
npm install
cp .env.example .env
nano .env
npm start

See the README for full setup instructions.


MIT License — Copyright (c) 2026 Sysop Network