Skip to content

timbuchwaldt/dblock

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits

blocker

blocker

 
 

config

config

 
 

dblockmain

dblockmain

 
 

incidentstore

incidentstore

 
 

sync

sync

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

README.md

README.md

 
 

config.toml

config.toml

 
 

main.go

main.go

 
 

Repository files navigation

#dblock dblock is an ipset based fail2ban alternative with cluster support. It follows logs, parses them using regex and blocks attackers based on the rate of incidents. It supports IPv4 + IPv6, stores blocks in etcd for all other hosts on your network to also block the IPs. It supports whitelisting your own networks to prevent accidental blocking.

Architecture

  • A goroutine is started for each log file. It tails the log and analyzes the lines
  • The inicdentstore package reads all incidents picked up by the log followers and counts them
  • The sync package reads the block requests issued by the incidentstore and writes them to etcd
  • The sync package also watches the etcd directories containing the block messages, forwarding all changes to the blocker
  • The blocker blocks and unblocks IPs based on the sync engines input

About

Distributed IP blocking based on log messages

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 12

0.0.13 Latest
Mar 23, 2016
+ 11 releases

Packages

No packages published

Languages