nftban – Adaptive Firewall for the Modern Linux Stack Beta Testing Program

itcms

We are currently seeking beta testers to evaluate our new firewall solution, nftban.

This project is designed to replace traditional iptables-based setups, leveraging Go for local storage and optimized IP processing, while using nftables for rule management and fail2ban mechanism integration.

Important Notice

Status: Beta – NOT recommended for production environments.
Tested successfully on Debian, Ubuntu, CentOS, AlmaLinux, and Rocky Linux across 5 servers.
Thoroughly evaluated for stability, but your feedback is essential before final release.

Key Features

Faster IP handling with Go-based backend.
Simple management via nftban panel.
Easy enable/disable functionality.
Recommended ports automatically configured.


Quick Start
Download nftban from:
nftban enable / disable

To apply all recommended settings for DirectAdmin:
nftban panel da enable

Help will be your guide: https://github.com/itcmsgr/nftban/tree/main/docs

We Need Your Feedback

Please share your experience, suggestions, and any issues you encounter.

Preferred method: https://github.com/itcmsgr/nftban/issues
Alternatively: Email us at [email protected]
Feedback can include:
Bugs or errors
Performance observations
Feature requests
Compatibility notes

CSF/LFD and iptables are NOT compatible and will be automatically removed during installation, as they are replaced by nftables.
 
I have a test server and I'll happily download this in a bit and have a play with it over the next few weeks, as nothing big seems to be happening with the CSF project at present.

One question, I'm reading the manuals now (Have to say they are pretty thorough!) and is this solely a CLI setup for my Linux distro, or is there a GUI that can be patched into DA? Not fussed either way, but I know most users would probably appreciate a GUI.

Also, with feedback, what are you looking for? Log files? UX? Suggestions, Improvements and the like?

Cheers!
 
Here’s the kind of feedback we expect and collect:

Core Areas to Validate

CLI Stability

Does the CLI run without crashes or unexpected errors?
Are all commands returning accurate and complete information (services, ports, statistics)?
Is the output format consistent and readable?

Reports & Templates
Do all reports generate correctly with proper data?
Are email templates formatted properly and sent without issues?
Any missing placeholders or incorrect values in templates?

Installation & Uninstallation
Was installation smooth on different environments (CPU, OS)?
Does the uninstaller remove everything cleanly (no leftover files, configs, or services)?
Any dependency conflicts or permission issues?

Security & Permissions
Confirm that root is not required.
Verify that the nftban-cli group works as intended.
Test Polkit integration for privilege escalation.
Ensure auditors can review logs and actions easily.

Feature Suggestions
Any additional functionality testers think would improve usability?
Missing options or shortcuts that would make CLI more efficient?


Any feedback on the above can help make the project stable and become an open-source firewall — the first which combines Fail2Ban, Go, and nftables.
 
Thank you.

1 last question that may help me, and I hope I'm not being rude asking, but you say you've tested successfully on 5 servers (and I'm guessing they were each loaded with the different distros you list), what were the specs? How much RAM would you need minimum? What processors, AMD, Intel, Arm? What server specs are you looking for data from?

Reason I ask is I can spin up a few VPS with different size drives, RAM, processors etc. to obtain some of the data you require above. I also have 2 homelab servers I may try also. 1 is AMD and the other is dual Intel.
 
Tested on two configurations:

Lower spec: 2 CPU cores / 4 GB RAM
Higher spec: 8 CPU cores / 16 GB RAM

The tests focused on feed loading and applying geo-based country bans to determine whether enabling all feeds and banning multiple countries is feasible.

Based on the results, the 2 CPU / 4 GB setup is not ideal for this use case.

Tests were performed on both AMD and Intel processors without any issues.

No tests were conducted on ARM processors, although the package manager already provides builds for aarch.
 
Well I'm just setting up a server tonight for a personal project. I'll install this and report back. Thank you! 😁😁
 