Shocking statistics: More than 50% of all internet traffic consists of hacker bots, password crackers, and automated vulnerability scanners. Every day, thousands of servers are attacked, leading to enormous losses of computational resources and administrators' time.
go2ban is a modern solution for protecting your servers that not only blocks attackers but also significantly saves computational power, making the internet safer for everyone.
- Instant blocking in iptables raw table
- Smart monitoring of service logs and Docker containers
- Trap ports for automatic scanner detection
- REST API and gRPC for integration with your systems
- Resource savings: up to 70% reduction in CPU load
- Whitelist for trusted IP addresses
For the easiest installation experience, use the automated installation script:
```bash
# Clone the repository
git clone https://github.com/vv198x/go2ban.git
cd go2ban
# Run the installation
chmod +x install.sh
./install.sh
```

- Checks and installs Go 1.21.6 if needed
- Installs dependencies (make, git, wget)
- Builds the go2ban binary
- Installs the systemd service
- Opens the configuration file for editing
- Optionally starts and enables the service

Tip: Run the script as a regular user (not root). It will prompt for the sudo password when needed.
Make sure you have Go version >=1.15 installed.

```bash
# 1. Clone the repository and enter it
git clone https://github.com/vv198x/go2ban.git
cd go2ban
# 2. Build the binary
make
# 3. Run the installer
sudo make install
# 4. Configure go2ban
vi /etc/go2ban/go2ban.conf
# 5. Start and enable the service
sudo systemctl --now enable go2ban
```

The config file allows you to customize all aspects of operation:
| Parameter | Description | Default |
|---|---|---|
| `firewall` | Automatic firewall rule management or disable | auto |
| `log_dir` | Directory for go2ban logs | /var/log/go2ban |
| `white_list` | IP addresses that will never be blocked | - |
| `blocked_ips` | Maximum number of blocked IPs | 1000 |

| Parameter | Description | Default |
|---|---|---|
| `grpc_port` | Port for gRPC communication | off |
| `rest_port` | Port for REST API blocking | off |

| Parameter | Description | Default |
|---|---|---|
| `trap_ports` | Trap ports for scanners | off |
| `trap_fails` | Number of attempts before blocking | 3 |
| `local_service_check_minutes` | Frequency of service checking | 5 |
| `local_service_fails` | Number of failed attempts | 5 |

| Parameter | Description | Default |
|---|---|---|
| `abuseipdb_apikey` | API key for AbuseIPDB | off |
| `abuseipdb_ips` | Number of IPs to block from AbuseIPDB | 100 |
```
go2ban [options]

Options:
  -cfgFile string
        Path to configuration file
  -clear
        Unblock all IPs
  -d    Run as daemon
```

go2ban runs as a background service, constantly monitoring:
- Service logs: databases, web servers, Docker containers
- Connection attempts to trap ports
- External threats via AbuseIPDB API
- Automatic blocking in iptables raw table
| Advantage | Description |
|---|---|
| Speed | The raw table is the first table a packet traverses in iptables, so blocking is instant |
| Security | Strong first line of defense against incoming traffic |
| Resource savings | Connections are never established, reducing CPU load |
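
The trap-port settings and the raw-table blocking described above can be sketched as follows. This is an added example, not go2ban's own code: `Tracker`, `NewTracker` and `Hit` are hypothetical names, the `PREROUTING` chain is an assumption (the page names only the raw table), and so are matching `white_list` by exact address and simply not adding rules once `blocked_ips` is reached.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Tracker is a hypothetical type for this example, not go2ban's own code.
type Tracker struct {
	TrapFails, MaxBlocked int                 // trap_fails, blocked_ips
	white, blocked        map[netip.Addr]bool // white_list, active blocks
	hits                  map[netip.Addr]int  // trap-port hits per source
}

func NewTracker(trapFails, maxBlocked int, white ...string) *Tracker {
	t := &Tracker{trapFails, maxBlocked, map[netip.Addr]bool{}, map[netip.Addr]bool{}, map[netip.Addr]int{}}
	for _, w := range white {
		t.white[netip.MustParseAddr(w).Unmap()] = true // panics on a malformed entry
	}
	return t
}

// Hit records one connection to a trap port and returns the command to run
// once the source reaches TrapFails (PREROUTING is an assumed chain), else nil.
func (t *Tracker) Hit(remote string) []string {
	ap, err := netip.ParseAddrPort(remote)
	if err != nil {
		return nil // unparsable peer address: ignore rather than guess
	}
	ip := ap.Addr().Unmap() // treat ::ffff:a.b.c.d as plain IPv4
	if t.white[ip] {
		return nil // whitelisted sources are never counted or blocked
	}
	if t.blocked[ip] || len(t.blocked) >= t.MaxBlocked {
		return nil // already blocked, or the blocked_ips cap is reached
	}
	if t.hits[ip]++; t.hits[ip] < t.TrapFails {
		return nil
	}
	t.blocked[ip] = true
	bin := map[bool]string{false: "iptables", true: "ip6tables"}[ip.Is6()]
	return []string{bin, "-t", "raw", "-A", "PREROUTING", "-s", ip.String(), "-j", "DROP"}
}

func main() {
	t := NewTracker(3, 1000, "192.0.2.9") // constructed sample values
	for _, peer := range []string{"203.0.113.7:40001", "203.0.113.7:40002", "192.0.2.9:5555", "203.0.113.7:40003"} {
		fmt.Println(peer, "->", t.Hit(peer))
	}
}
```

A rule added this way can be checked on the host with `iptables -t raw -L PREROUTING -n -v`, which also shows per-rule packet counters.
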
Thanks to effective blocking of attackers at the raw table level, go2ban helps:
- Reduce CPU load by up to 70% on attacked servers
- Save network bandwidth
- Reduce response time for legitimate users
- Make the internet faster for everyone
Every blocked attacker means:
- Fewer attacks on other servers
- Reduced overall threat level in the network
- More stable operation of internet infrastructure
go2ban is developed in Go using iptables for firewall management. The code is open to the community, and we welcome developer contributions!
- Go 1.21.6+: main development language
- iptables/netfilter: firewall management
- systemd: system service
- gRPC/REST: API for integration
For a detailed list of changes in each version, see the change.log file in the repository.
If you encounter any issues or have questions:
- Create an Issue
- Contact the developer
- Study the documentation

Protect your server today and help make the internet safer!