docs(suricata): Add Alert Routing section for v1.11.0
- Routing precedence: SID → Category → Port → Keywords → Priority
- Module ownership table (login, portscan, ddos)
- Category normalization explanation
- Tiebreak rules for SSH brute vs portscan
- Rate gate for DDoS (10 events/10s threshold)
- Deduplication with LRU eviction
- routing.conf configuration reference
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
63698f2
docs: Add v1.10.0 to Statistics History
| 2026-02-08 | v1.10.0 | ~194,000 | ~250,000 | Code consolidation, security hardening, FHS expansion |
ec374ce
docs: Add v1.10.0 to Growth Over Time table
- Added v1.10.0 (2026-02-08): ~250,000 lines (+0.2%)
- Updated architecture diagram to v1.10.0
- Updated language percentages: 58.3% Shell, 41.7% Go
94b7590
docs: Update to v1.10.0 + refresh code statistics
Version: 1.9.4 → 1.10.0
Shell: 207 files → 204 files, ~118K → ~113K lines
Go: 218 files → 228 files, ~75.5K → ~81K lines
Total: ~193.5K → ~194K lines
6dd355c
docs(timer): Update geoip schedule to 02:30 (staggered from rbl-check)
- Changed core-geoip from Sun 02:00 to Sun 02:30
- Reduced jitter from 60m to 30m (weekly task)
- Avoids collision with rbl-check at 02:00
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
84d0471
docs(suricata): Add prerequisites and 0-rules troubleshooting
- Add Prerequisites section before Quick Start
- Add rules-verify and rules-ensure to command list
- Add "Rules Not Loading (0 rules)" troubleshooting section
- Explain why Suricata can run with 0 rules but provides no protection
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1b463b5
docs: Remove deprecated nftban-cli references
- Remove nftban-cli from FHS group table (replaced by nftban-panel)
- Merge nftban-cli section into nftban group (deprecated)
- Keep migration notes for users upgrading from old model
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1999159
docs: Update Security Architecture for 3-group model
Update documentation to reflect the new 3-group security model:
- nftban: Admin/Operator (full access)
- nftban-auditor: Read-only (reports, logs)
- nftban-panel: Panel Operator (limited actions)
Changes:
- Updated access control model table
- Added authorization hierarchy (CanConfig, CanAct, CanRead)
- Updated permission matrix with correct columns
- Updated "Adding Users" section
- Added cPanel integration example
- Marked nftban-cli as deprecated
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
b3b88a3
docs: Fix auditor role documentation based on code audit
- Fix nftban-auditor: CAN access Web GUI (read-only), not "Cannot"
- Add all allowed systemd verbs for auditor (show, is-enabled, is-failed, list-units, list-unit-files)
- Update to 3-group model: nftban, nftban-cli, nftban-auditor
- Mark nftban-panel as retired
- Update permission matrix with nftban-cli column
- Fix FHS-Compliance.md group table
Changes verified against:
- pkg/auth/pam.go (IsAdmin, IsOperator checks)
- packaging/polkit-1/rules.d/20-nftban-auditor.rules
- install/config/allowed-gui-groups
- install/systemd/sysusers.d/nftban.conf
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
b18d818
fix(wiki): Fix Mermaid diagrams for GitHub rendering
- Remove paths with / from node labels (causes lexical errors)
- Remove <br/> tags from node labels (not supported)
- Use quoted simplified labels instead
- Add path reference tables where paths were removed
Fixed files:
- Architecture-Overview.md (component diagram, config flow)
- Health-Check-Architecture.md (security model diagram)
- Systemd-Units-Overview.md (service dependency diagram)
- API-Handlers-Map.md (request flow, auth flow)
38c0eba
docs(wiki): Remove confidential security audit pages
Removed internal/confidential documents:
- Security-Audit-Summary.md
- Code-Quality-Report.md
- Implementation-Roadmap.md
Updated Home.md and _Sidebar.md to remove references.
bf7b7c3
docs(wiki): Add Feb 2026 security audit documentation
New pages from security audit:
- Security-Audit-Summary.md - Audit findings and risk matrix
- Code-Quality-Report.md - Dead code and complexity analysis
- Implementation-Roadmap.md - 5-phase remediation plan
- Health-Check-Architecture.md - Auto-heal system design
- API-Handlers-Map.md - REST API endpoint reference
- Systemd-Units-Overview.md - Complete systemd unit reference
- Architecture-Overview.md - System components and data flow
- CLI-Command-Tree.md - Visual CLI command hierarchy
Updated pages:
- Home.md - Merged audit status with quick start guide
- _Sidebar.md - New sidebar navigation structure
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
fd97811
fix(wiki): Consolidate CI/RBL pages, apply style guide across all pages
Consolidation (21 → 19 pages):
- CI-Failure-Classification merged into Supported-Platforms
- RBL-Monitoring merged into Security-Operations-Guide
Style guide applied to 15 pages:
- Remove "NFTBan" prefix from 7 page titles
- Remove version/date lines from 10 pages
- Remove emoji from all headings (Coding-Standards, NFT-Schema, Home)
- Fix broken links (Distribution Strategy, Troubleshooting, DDoS-Protection,
Metrics-Reference, Grafana-Dashboards, cPanel-Compatibility, RBL-Monitoring)
- Standardize footer sections
- Clean up marketing language and redundant content
Home.md rewrite:
- Complete documentation index with all 19 pages
- Added missing links: Coding-Standards, Suricata, Project-Statistics
- Removed broken links and stale version references
- Clean, professional format without emoji
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2b853ab
fix(wiki): Deduplicate Queue-and-Mail-Contract, clean up Timer-Schedule
- Fix backoff table: retry 1=60s, retry 2=120s, retry 3=240s (was wrong)
- Replace duplicated config defaults with links to Configuration-Reference
- Condense transport detection priority to single line
- Remove mail retry config defaults from API doc (belongs in Config-Ref)
- Fix TOC anchors to match actual heading IDs
- Timer-Schedule: remove version line, deduplicate collection groups
- Timer-Schedule: consolidate duplicate Metrics-Architecture links in See Also
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
cdd679b
fix(wiki): Merge Firewall-Conflict-Detection and Connectors-Guide
- Firewall-Conflict-Detection.md → Installation-Guide.md: enriched
conflict section with detection table, error examples, runtime health
check. Discarded developer-internal changelog content.
- Connectors-Guide.md → Metrics-Architecture.md: expanded connectors
section with full ES/Kafka/File configs, record format, advanced
config, CLI commands, troubleshooting.
- NFT-Schema-Validation.md kept standalone (unique, no merge target).
- Updated cross-references in 6 wiki pages.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2c7c074
fix(wiki): Consolidate 5 security pages into 2
Merge Security.md + Security-Architecture.md + Groups-and-Permissions.md
into a single Security-Architecture.md. Absorb Portmapper-Security.md
into Security-Operations-Guide.md. Fix 2-group vs 3-group inconsistency
(3-group is correct). Update all cross-references across 4 wiki pages.
5 pages → 2 pages (-800 lines, zero content loss)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
6b19f9f
fix(wiki): Merge Zabbix Integration into Metrics Architecture page
Consolidate Zabbix Integration and Metrics Architecture into a single
page. Update all cross-references across 6 wiki pages. Remove standalone
Zabbix-Integration.md.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
0a2edee
chore(wiki): Remove Emulate-Command.md (merged into CLI-Commands-Reference)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
a69f2f7
fix(wiki): Merge and align CLI Commands + Emulate pages to style guide
- Concatenate Emulate Command into CLI Commands Reference (single page)
- Apply nftban documentation style guide (TOC, clean tables, proper heading levels)
- Remove verbose filler text (1100 lines removed, 534 added)
- Add global flags section, exit codes, environment variables
- Add full suricata subcommand table (30+ subcommands)
- Add full rbl subcommand table with flags
- Add health subcommand table with all 18 subcommands
- Emulate-Command.md now redirects to combined page
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
a0df93a
fix(wiki): Rewrite FHS Compliance page from canonical fhs-spec.yaml
Corrected against build/fhs-spec.yaml (single source of truth):
- Fix binary paths (/usr/lib/nftban/bin/ not /usr/sbin/ or /usr/libexec/)
- Fix group names (nftban + nftban-auditor, not nftban-cli/nftban-auditors)
- Fix /var/lib/nftban/ ownership (root:nftban security boundary, not nftban:nftban)
- Add all conf.d/ subdirectories (ddos, portscan, login, panels, botscan)
- Add all data subdirectories (queue, stats, snapshots, banned, whitelist, feeds, etc.)
- Add systemd integration (tmpfiles.d, sysusers.d, service/timer unit tables)
- Add permission model (ownership rationale, immutable files, capabilities)
- Add polkit authorization section
- Add common errors with fixes
- Follow nftban documentation style guide
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
efe438a
docs: Remove all Mode 1/Mode 2 references - one install, enable features
- Home.md: Simplified to 'Install Once, Enable What You Need'
- Home.md: Updated Quick Start section
- Home.md: Fixed cPanel link to Web-Panel-Compatibility
- FHS-Compliance.md: Changed '(Mode 2)' to '(optional)'
Logic: Install package once, user enables features as needed.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
927ecdc
docs: Simplify Installation Guide - one install, enable features
Removed 'Two Installation Modes' framing. Logic is:
- Install package once
- User enables features as needed
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1d6d6e1
docs: Remove cPanel-Compatibility.md (consolidated in Web-Panel-Compatibility.md)
cPanel content already exists in Web-Panel-Compatibility.md:
- Detection and port configuration
- cPHulk compatibility
- xtables issue and solution
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
a989618
docs: Update wiki version references to v1.9.3
- Home.md: 1.0.0-beta → 1.9.3
- CLI-Commands-Reference.md: v1.7 → v1.9.3
- Configuration-Reference.md: 1.6.0 → 1.9.3
- Web-Panel-Compatibility.md: 1.9.1 → 1.9.3
- Security-Operations-Guide.md: v1.0+ → v1.9.3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
0f65b92
docs: Update Installation Guide with two modes section for v1.9.3
- Added 'Two Installation Modes' section (CLI-Only vs GUI+Metrics)
- Clear comparison table for deployment options
- Updated version references to 1.9.3
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
cf2b0db
docs: Update Project Statistics to v1.9.3
Stats as of 2026-02-04:
- CLI Commands: 62
- Shell Scripts: 207 (~118,000 lines)
- Go Files: 218 (~75,500 lines)
- Config Files: 49
- Systemd Units: 38 (26 services, 10 timers, 2 sockets)
- Health Checks: 32
- Supported Distros: 12
- RBL Providers: 23
Added v1.9.3 features section with:
- Quick sync mode
- Performance optimizations
- Update detection fixes
- Geoban sync fixes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3854e7c
docs: Fix DDoS config paths and variable names
- Fix config path: ddos.conf -> conf.d/ddos/classic.conf
- Fix variable names: DDOS_SSH_CONN_LIMIT -> DDOS_CLASSIC_SSH_CONN_LIMIT
- Add portscan disable command and mode options
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
965ba57
docs: Comprehensive wiki update for v1.9.3
Changes:
- Add RBL-Monitoring.md: Complete RBL monitoring documentation
- Add Web-Panel-Compatibility.md: Unified panel docs (cPanel, Plesk, DirectAdmin)
- Update CLI-Commands-Reference.md: Add RBL, suricata, modes sections
- Update Configuration-Reference.md: Add RBL and panel configuration
- Consolidate Installation-Guide.md: Single unified installation flow
- Update Security-Operations-Guide.md: Enhanced DDoS/portscan documentation
- Update Timer-Schedule.md: Add 12-hour RBL check schedule
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
21fc200
docs(stats): Update Project Statistics from v1.3.0 to v1.8.0
- Total lines: 220,785 → 231,318 (+5%)
- Go code: 58,592 → 61,686 lines
- Bash code: 106,744 → 113,632 lines
- Added v1.8.0 features: netlink backend, search optimization
- Updated architecture diagram and performance metrics
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
3edc6c6
docs: Update documentation for v1.6.0 architecture cleanup
Updated pages:
- Metrics-Architecture.md: Removed VictoriaMetrics, documented unified exporter
- Zabbix-Integration.md: Updated to reference unified exporter
- Configuration-Reference.md: Removed VM config, updated metrics config
- CLI-Commands-Reference.md: Simplified metrics commands (no VM options)
- Timer-Schedule.md: Removed legacy timers, unified exporter only
Key changes:
- VictoriaMetrics support REMOVED (was 0% operational)
- Unified exporter is the ONLY metrics exporter
- Prometheus export OFF by default (optional adapter)
- Our backend: stats.json + bans.log (NOT Prometheus)
2a68e2c