We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
docs(wiki): Remove fail2ban references and fix installation mode comparison CRITICAL FIXES: - Remove ALL fail2ban references (replaced with built-in Login Monitor) - Fix misleading comparison table (modes are presets, not restrictions) - Clarify that CLI mode can install/enable ANY feature when needed - Simplify mode naming (remove "Low-End Servers" labels) FAIL2BAN REMOVAL: - Choosing-Installation-Mode: Replace fail2ban with login monitoring - Security-Operations-Guide: Update IDS description - Package-Prerequisites: Mark fail2ban as removed (replaced with Login Monitor) - Mode-2-GUI-Prometheus: Update block type references - Installation-Prerequisites: Clarify fail2ban removal reason - Firewall-Conflict-Detection: Update v0.32.25 issue notes - Coding-Standards: Replace fail2ban config examples with login monitor INSTALLATION MODE CLARIFICATION: - Add "Installation Modes Explained" header emphasizing ALL features available - Change table from "Yes/No" to "Installed by default" vs "Available to enable" - Add legend: ✅ = Auto-enabled, 🔧 = Enable when needed - Mode 1: Show what's minimal + what you can add via CLI - Mode 2: Show what comes pre-installed and auto-enabled - Switch modes section: Emphasize adding/removing components freely KEY INSIGHT: Modes are installation PRESETS, not feature RESTRICTIONS. CLI mode = minimal start, grow as needed GUI mode = everything enabled from day one This prevents confusion where users think CLI mode "can't" use features.
docs(wiki): Update branding and technical descriptions Update wiki pages with improved technical positioning: HOME PAGE: - Add "What is NFTBAN?" section with enterprise positioning - Clarify "NFTables BAN actions" acronym meaning - Emphasize nftables foundation and kernel-level integration - Highlight "Moving beyond legacy iptables-based scripts" SECURITY ARCHITECTURE: - Update header with enterprise-grade positioning - Emphasize "security as foundational principle" - Maintain technical accuracy throughout Aligns wiki documentation with main repository branding improvements. All changes improve clarity for users evaluating the system.
docs: Add comprehensive Security Operations Guide and update references New content: - Security-Operations-Guide.md (new, 850+ lines) - Complete hardening procedures - SSH, firewall, DDoS configuration - Monitoring, alerting, maintenance - Emergency procedures and recovery - Compliance and auditing - All updated to v1.0 (Suricata, no fail2ban) Updates: - Security-Architecture.md - Remove fail2ban references → Suricata - Fix polkit paths: /usr/share → /etc/polkit-1/rules.d - Remove incorrect local dev path references - Add link to new Security-Operations-Guide - Home.md - Add Security-Operations-Guide to Security section - Update section descriptions All security documentation now v1.0 compliant. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
docs: Add comprehensive GeoIP Database Guide Added new wiki page explaining how NFTBan uses GeoIP databases for geographic blocking and threat analysis. Content includes: - What GeoIP is and why NFTBan needs it - Current database: MaxMind GeoLite2-City (FREE, 61MB) - Auto-update mechanism (weekly systemd timer) - Manual database management commands - Two download methods (GitHub mirror vs official MaxMind) - Alternative database options comparison - Troubleshooting common issues - Best practices and monitoring User-friendly format with: - Clear explanations for beginners - Code examples with expected outputs - Visual formatting (emojis, tables, code blocks) - Troubleshooting section - Quick reference commands Also updated Home.md to link the new guide in Configuration section. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
fix: Repair broken link after concurrent pushes Fixed broken link in Home.md: - Package-Prerequisites-and-Repositories (deleted) → Installation-Prerequisites Context: - We merged Package-Prerequisites-and-Repositories.md + Dependencies-Reference.md - Into single Installation-Prerequisites.md file - Concurrent push restored old link to now-deleted file - Kept NFT-Schema-Validation link (new documentation) All links now working correctly.
docs: Add comprehensive NFT Schema Validation documentation Add new wiki page documenting NFTBan's nftables schema specification and validation system. New Documentation: - NFT-Schema-Validation.md (~570 lines) - Separate ip/ip6 table architecture (vs inet dual-stack) - Table/set/chain specifications - Security-critical rule ordering (blacklist before established) - CVE-2025-NFTBAN-001 detection and fixes - 6 validation functions explained - Common issues and troubleshooting - Integration with health checks Updated Files: - Home.md: Add link to NFT Schema Validation in Configuration section - Home.md: Fix link to Package-Prerequisites-and-Repositories Key Content: ✅ Table architecture: Why separate ip/ip6 (not inet) ✅ Schema spec: Sets, chains, types, flags ✅ SECURITY: Rule order validation (blacklist < established) ✅ CVE-2025-NFTBAN-001: inet filter bypass vulnerability ✅ Validation functions: 6 checks + full validation ✅ CLI usage: nftban firewall validate, nftban health ✅ Troubleshooting: Common issues and fixes Related Pages: - FHS-Compliance.md (directory structure) - Firewall-Conflict-Detection.md (firewall migration) - Package-Prerequisites-and-Repositories.md (installation prereqs) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
docs: Consolidate prerequisite documentation Merged Package-Prerequisites-and-Repositories.md and Dependencies-Reference.md into a single comprehensive Installation-Prerequisites.md file. Changes: - Create Installation-Prerequisites.md (merged content) - Delete Package-Prerequisites-and-Repositories.md - Delete Dependencies-Reference.md - Update Home.md to reference new merged file - Update Mode-1-CLI-Only-Installation.md references - Update Mode-2-GUI-Prometheus-Installation.md references Benefits: - Eliminates ~60% content duplication - Single source for all prerequisite information - Better organization with installation profiles - Comprehensive troubleshooting in one place - Easier to maintain and update New structure: - Installation profiles (Core, IDS, Monitoring, GUI) - Repository setup (EPEL/CRB automatic configuration) - Package name mapping across distros - Version requirements - Installation flows (RPM/DEB/manual) - Troubleshooting and best practices Result: 4 prerequisite files → 2 files (keep Configuration-Reference separate)
refactor(docs): Rename files to match wiki naming convention Changed from SCREAMING_SNAKE_CASE to Title-Case-With-Hyphens to match other wiki files like FHS-Compliance.md, Binary-Verification-SLSA.md, etc. Renamed Files: - FIREWALL_CONFLICT_DETECTION.md → Firewall-Conflict-Detection.md - PACKAGE_PREREQUISITES_IMPLEMENTATION.md → Package-Prerequisites-Implementation.md Updated References: - Home.md - Choosing-Installation-Mode.md - Mode-1-CLI-Only-Installation.md - Mode-2-GUI-Prometheus-Installation.md - Package-Prerequisites-and-Repositories.md - Package-Prerequisites-Implementation.md All links updated to use new filenames. No content changed, only naming convention. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
docs: Add package prerequisites and repository setup documentation New Documentation: - Package-Prerequisites-and-Repositories.md (~400 lines) Complete guide for system requirements, EPEL/CRB setup Distro-specific instructions for RHEL/Rocky/AlmaLinux Automatic vs manual repository configuration Troubleshooting common installation issues Dependency comparison tables - PACKAGE_PREREQUISITES_IMPLEMENTATION.md (~300 lines) Technical implementation details Before/after dependency comparison RPM/DEB package enhancements explained User experience improvements documented Testing checklist included Updates: - Home.md: Added link to new prerequisites guide in Configuration section These docs align with the package manager enhancements committed to main repo, providing comprehensive user and technical documentation for the automatic EPEL/CRB repository setup and expanded dependency declarations. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
fix: Retire nftban-web group across all wiki documentation CRITICAL DOCUMENTATION UPDATE: nftban-web group is RETIRED NEW 3-GROUP MODEL: - nftban → Daemon ONLY (file ownership, NO human users) - nftban-cli → CLI and Web GUI operators - nftban-auditors → Read-only auditors - nftban-web → RETIRED (merged into nftban-cli) Files Updated: 1. Groups-and-Permissions.md (MAJOR REWRITE): - Changed from "2 groups" to "3 groups" model - Group 1: nftban (Daemon Only - NO HUMANS!) - Group 2: nftban-cli (CLI & Web GUI Operators) - Group 3: nftban-auditors (Read-Only) - Updated all examples to use nftban-cli instead of nftban - Updated migration section with nftban-web removal script - Added warnings about daemon group being empty 2. FHS-Compliance.md: - Security Groups table: Removed nftban-web - Updated nftban description: "file ownership ONLY (no human users)" 3. Go-Build-Requirements.md: - REQUIRED_GROUP: nftban-web → nftban-cli - Create Web Users: Simplified to "usermod -aG nftban-cli" - Removed nftban-webadmin user creation (unnecessary) 4. Mode-2-GUI-Prometheus-Installation.md: - Updated IP whitelist requirements: nftban-web → nftban-cli Key Message to Admins: - DO NOT add human users to the nftban group - Use nftban-cli for all operators (CLI + Web GUI) - Web GUI now requires nftban-cli membership Migration Command: ```bash # Move users from nftban-web to nftban-cli for user in $(getent group nftban-web | cut -d: -f4 | tr ',' ' '); do sudo usermod -aG nftban-cli "$user" done sudo groupdel nftban-web ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
fix: Correct Go binary architecture across all wiki documentation CRITICAL CORRECTIONS: 1. **Binary Architecture:** - OLD (WRONG): 3 binaries (nftban-ui, nftban-feeds, nftban-geoip) - NEW (CORRECT): 2 binaries (nftban-core, nftban-ui) - nftban-feeds and nftban-geoip DO NOT EXIST as separate binaries - All functionality is in nftban-core 2. **Mode 1 vs Mode 2 Distinction:** - Mode 1: Has nftban-core (NOT "no Go binaries"!) - Mode 2: Has nftban-core + nftban-ui + Suricata IDS 3. **Terminology Changes:** - "Low-End Servers" → "Low Resources" (more accurate, less derogatory) - Removed incorrect "bash processing" mentions Files Updated: - Home.md: Fixed Mode 1/2 descriptions, removed "No Go binaries" error - Choosing-Installation-Mode.md: Complete rewrite of binary info, performance comparison - Mode-1-CLI-Only-Installation.md: Added nftban-core to "What's Included" - Mode-2-GUI-Prometheus-Installation.md: Removed nftban-feeds/geoip sections - Go-Build-Requirements.md: Updated to show only 2 binaries (nftban-core, nftban-ui) The Truth: - nftban-core is REQUIRED in BOTH modes (ban, unban, geoip, feeds) - nftban-ui is ONLY for Mode 2 (Web GUI) - Performance is THE SAME in both modes (both use nftban-core) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
fix: Correct Mode 1 description - Go binaries ARE always included CRITICAL FIX: Mode 1 documentation incorrectly stated "❌ No Go binaries" The Truth: - nftban-core (Go binary) is REQUIRED in BOTH modes - Without nftban-core, core commands don't work: ban, unban, geoip, feeds - Mode 1 vs Mode 2 distinction is about GUI/Suricata, NOT Go binaries Changes: - Mode 1: Added "✅ nftban-core binary (core Go operations)" - Mode 1: Removed incorrect "❌ No Go binaries" line - Mode 1: Added "❌ No Suricata IDS" for clarity - Mode 2: Clarified "Everything from Mode 1 (including nftban-core)" - Directory structure: Changed "(Mode 2)" to "(nftban-core, nftban-ui)" The Real Distinction: - Mode 1: nftban-core only (CLI operations) - Mode 2: nftban-core + nftban-ui (Web GUI + Prometheus) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
docs: Update configuration structure for organized subdirectories Update wiki documentation to reflect new conf.d directory organization: Configuration-Reference.md: - Rewrote Module Configuration Files section with directory tree - Added subdirectory structure for ddos/, portscan/, login/, panels/ - Documented DirectAdmin panel configuration - Added placeholders for future panels (cPanel, Plesk, ISPConfig) - Updated all config paths to use new subdirectory structure FHS-Compliance.md: - Added conf.d subdirectories to Configuration Files table - All subdirectories listed with 750 root:nftban permissions - Added: ddos/, portscan/, login/, panels/, panels/directadmin/ This aligns with the restructured configuration layout where modules use dedicated subdirectories instead of flat files. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
docs: Add all distros to install section Added missing distros to match README: - Fedora 42 - Fedora 43 - Ubuntu 22.04 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Add missing CLI commands to reference Added to Firewall & Security: - port - Port management - cloudflare - Cloudflare integration Added new Utility section: - module - Module inventory - fhs - FHS compliance 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Update login threshold to 10 failures in 5 minutes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Add login monitor services and thresholds
docs: Update CLI Commands Reference with metrics section
docs: Add VictoriaMetrics as alternative to Prometheus - Add comparison table (Prometheus vs VictoriaMetrics) - Add CLI commands for enabling metrics backend - Add VictoriaMetrics configuration section - Update Grafana section for both backends - VictoriaMetrics recommended (10x compression, 20x faster) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Add ROOT login blocking notice to Web GUI section Security hardening: Root login is explicitly blocked by the authentication daemon (nftban-ui-auth). Users must use a regular account in the nftban group for Web GUI access. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Update CLI command count from 43 to 44 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Combine CLI Commands Reference and Documentation Guide - Merged CLI_DOCUMENTATION_GUIDE.md into CLI-Commands-Reference.md - Added Developer Guide section with CLI structure and help patterns - Reduced from 1036 lines to 482 lines (more concise) - Removed duplicate file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
docs: Add NFTBan v1.0.0 wiki documentation Added 17 wiki pages: - Home (overview and quick start) - CLI-Commands-Reference (43 commands) - Configuration-Reference - Security-Architecture - FHS-Compliance - Groups-and-Permissions - Mode-1-CLI-Only-Installation - Mode-2-GUI-Prometheus-Installation - Go-Build-Requirements - Choosing-Installation-Mode - Dependencies-Reference - Emulate-Command - Binary-Verification-SLSA - Coding-Standards - DNS-and-Network-Requirements - CLI_DOCUMENTATION_GUIDE 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Initial Home page