8 releases

| Version | Released |
|---|---|
| 0.6.2 | Mar 9, 2024 |
| 0.6.1 | Mar 8, 2024 |
| 0.4.0 | Apr 21, 2023 |
| 0.3.3 | Oct 6, 2022 |
| 0.2.0 | May 13, 2022 |
#233 in Unix APIs
208 downloads per month
30KB
487 lines
PFF - PF-Filter. Designed for FreeBSD, OpenBSD and macOS
Author:
- Daniel (dmilith) Dettlaff (@dmilith)
About:
This is a CLI application that parses the Nginx access.log for unwanted regexp patterns; the clients that sent matching requests are then added to the blocked list of the PF firewall.
Features:
- Precompiled, configurable regexps (wanted and unwanted)
- Configurable buffer (if 0, the whole access.log is parsed on each run; otherwise it determines how much of the log tail gets parsed)
- Follows a simple rule: if an access.log line matches a "wanted" regexp, it is not checked further; if it matches an "unwanted" regexp, it is considered malicious and will be added to the firewall block list
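The wanted/unwanted rule and the tail buffer described above, as an added shell example that is not pff's own code. The two patterns, the function names, a buffer measured in bytes and the default Nginx "combined" log format are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not pff's code. Patterns and function names are assumptions.
WANTED='GET /(index\.html|static/)'
UNWANTED='(wp-login\.php|/\.env|/phpmyadmin)'

# Print the part of the log to scan. buffer=0: whole file. Otherwise the last
# $buffer bytes (assumed unit) minus the first line, which a byte cut truncates.
log_tail() {
    size=$(( $(wc -c < "$1") ))
    if [ "$2" -eq 0 ] || [ "$2" -ge "$size" ]; then
        cat "$1"
    else
        tail -c "$2" "$1" | sed 1d
    fi
}

# Read log lines on stdin; print each offending client address once.
offenders() {
    WANTED="$WANTED" UNWANTED="$UNWANTED" awk '
        $0 ~ ENVIRON["WANTED"]   { next }   # wanted: line is not checked further
        $0 ~ ENVIRON["UNWANTED"] {
            # $1 is the client address in the nginx "combined" log format.
            # Emit it only if it looks like an IPv4/IPv6 address, so a
            # malformed line can never put arbitrary text into the table file.
            ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
                  $1 ~ /^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$/)
            if (ok && !seen[$1]++) print $1
        }'
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [09/Mar/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [09/Mar/2024:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [09/Mar/2024:10:00:03 +0000] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.99 - - [09/Mar/2024:10:00:04 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "-"
192.0.2.10 - - [09/Mar/2024:10:00:05 +0000] "GET /static/app.js?from=/wp-login.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
EOF
}

sample_log | offenders   # prints 198.51.100.7 and 203.0.113.99
```

Because a wanted match ends evaluation, the last sample line is not blocked even though it also contains an unwanted substring, so wanted patterns are best kept narrow.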
Shell environment variables
Increase log verbosity:
```
LOG=debug cargo run
```
Configuration:
If no configuration is found in the default paths, a local "pff.conf" will be created with the default configuration. The file is stored in the RON format.
Installation details:
- Pff assumes that /etc/pf.conf contains a block list like this:

```
table <blocked> persist file "/etc/spammers"
block drop in quick from <blocked>
block drop out quick to <blocked>
```

- Pff assumes that /etc/spammers is writable and that the user is root. On macOS, sudo is used to reload PF as a regular user.
License:
- Released under the BSD license.
Dependencies
~6.5–8.5MB
~155K SLoC