feat: add new test for config

fix: fix deps
fix: linter
2026-02-25 15:16:46 +03:00 · 2026-02-24 18:08:27 +03:00 · 2026-02-24 18:05:58 +03:00 · 2026-02-24 18:03:17 +03:00 · 2026-02-24 17:45:28 +03:00 · 2026-02-24 15:14:59 +03:00
51 changed files with 5369 additions and 906 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -25,8 +25,10 @@ builds:
      - arm64
    ldflags:
      - "-s -w" 
+    env:
+      - CGO_ENABLED=0
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"

 nfpms:
@@ -43,7 +45,18 @@ nfpms:
      - rpm
      - archlinux
    bindir: /usr/bin
-
+    scripts:
+      postinstall: build/postinstall.sh
+      postremove: build/postremove.sh
+    contents:
+      - src: docs/man/banforge.1
+        dst: /usr/share/man/man1/banforge.1
+        file_info:
+          mode: 0644
+      - src: docs/man/banforge.5
+        dst: /usr/share/man/man5/banforge.5
+        file_info:
+          mode: 0644
 release: 
  gitea:
    owner: d3m0k1d
@@ -56,7 +69,6 @@ changelog:
    exclude:
      - "^docs:"
      - "^test:"
-
 checksum:
  name_template: "{{ .ProjectName }}_{{ .Version }}_checksums.txt"
  algorithm: sha256
--- a/19
+++ b/19
@@ -1,4 +1,4 @@
-.PHONY: build build-daemon build-tui clean help
+.PHONY: build build-daemon build-tui clean help install-man check-man

 help:
 	@echo "BanForge build targets:"
@@ -6,7 +6,9 @@ help:
 	@echo "  make build-daemon  - Build only daemon"
 	@echo "  make build-tui     - Build only TUI"
 	@echo "  make clean         - Remove binaries"
-	@echo "  make test          - Run tests"	
+	@echo "  make test          - Run tests"
+	@echo "  make install-man   - Install manpages to system"
+	@echo "  make check-man     - Validate manpage syntax"	

 build: build-daemon build-tui
 	@echo "✅ Build complete!"
@@ -31,3 +33,16 @@ test-cover:

 lint:
 	golangci-lint run --fix
+
+check-man:
+	@echo "Checking manpage syntax..."
+	@man -l docs/man/banforge.1 > /dev/null && echo "✅ banforge.1 OK"
+	@man -l docs/man/banforge.5 > /dev/null && echo "✅ banforge.5 OK"
+
+install-man:
+	@echo "Installing manpages..."
+	install -d $(DESTDIR)/usr/share/man/man1
+	install -d $(DESTDIR)/usr/share/man/man5
+	install -m 644 docs/man/banforge.1 $(DESTDIR)/usr/share/man/man1/banforge.1
+	install -m 644 docs/man/banforge.5 $(DESTDIR)/usr/share/man/man5/banforge.5
+	@echo "✅ Manpages installed!"
--- a/README.md
+++ b/README.md
@@ -15,14 +15,17 @@ Log-based IPS system written in Go for Linux-based system.

 # Overview
 BanForge is a simple IPS for replacement fail2ban in Linux system.
-The project is currently in its early stages of development.
-All release are available on my self-hosted [Gitea](https://gitea.d3m0k1d.ru/d3m0k1d/BanForge) because Github has limits for Actions.
+All release are available on my self-hosted [Gitea](https://gitea.d3m0k1d.ru/d3m0k1d/BanForge) after release v1.0.0 are available on Github release page.
 If you have any questions or suggestions, create issue on [Github](https://github.com/d3m0k1d/BanForge/issues).

 ## Roadmap
- [x] Real-time Nginx log monitoring
- [ ] Add support for other service
- [ ] Add support for user service with regular expressions
+- [x] Rule system
+- [x] Nginx and Sshd support
+- [x] Working with ufw/iptables/nftables/firewalld
+- [x] Prometheus metrics
+- [x] Actions (email, webhook, script)
+- [ ] Add support for most popular web-service
+- [ ] User regexp for custom services
 - [ ] TUI interface

 # Requirements
@@ -31,25 +34,99 @@ If you have any questions or suggestions, create issue on [Github](https://githu
 - ufw/iptables/nftables/firewalld

 # Installation
-Search for a release on the [Gitea](https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases) releases page and download it. Then create or copy a systemd unit file.
-Or clone the repo and use the Makefile.
-```
-git clone https://gitea.d3m0k1d.ru/d3m0k1d/BanForge.git
-cd BanForge
-sudo make build-daemon
-cd bin
+Search for a release on the [Gitea](https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases) releases page and download it.
+In release page you can find rpm, deb, apk packages, for amd or arm architecture.
+
+## Installation guide for packages
+
+### Debian/Ubuntu(.deb)
+```bash
+# Download the latest DEB package
+wget https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases/download/v0.6.0/banforge_0.6.0_linux_amd64.deb
+
+# Install
+sudo dpkg -i banforge_0.6.0_linux_amd64.deb
+
+# Verify installation
+sudo systemctl status banforge
 ```

+### RHEL-based(.rpm)
+```bash
+
+# Download
+wget https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases/download/v0.6.0/banforge_0.6.0_linux_amd64.rpm
+
+# Install
+sudo rpm -i banforge_0.6.0_linux_amd64.rpm
+
+# Or with dnf (CentOS 8+, AlmaLinux)
+sudo dnf install banforge_0.6.0_linux_amd64.rpm
+
+# Verify
+sudo systemctl status banforge
+```
+
+### Alpine(.apk)
+```bash
+
+# Download
+wget https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases/download/v0.6.0/banforge_0.6.0_linux_amd64.apk
+
+# Install
+sudo apk add --allow-untrusted banforge_0.6.0_linux_amd64.apk
+
+# Verify
+sudo rc-service banforge status
+```
+
+### Arch Linux(.pkg.tar.zst)
+```bash
+
+# Download
+wget https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases/download/v0.6.0/banforge_0.6.0_linux_amd64.pkg.tar.zst
+
+# Install
+sudo pacman -U banforge_0.6.0_linux_amd64.pkg.tar.zst
+
+# Verify
+sudo systemctl status banforge
+```
+This is examples for other versions with different architecture or new versions check release page on [Gitea](https://gitea.d3m0k1d.ru/d3m0k1d/BanForge/releases).
+
+## Installation guide for source code
+```bash
+# Download
+git clone https://github.com/d3m0k1d/BanForge.git
+cd BanForge
+make build-daemon
+cd bin
+mv banforge /usr/bin/banforge
+cd ..
+# Add init script and uses banforge init
+cd build
+./postinstall.sh
+```
 # Usage
 For first steps use this commands
 ```bash
 banforge init   # Create config files and database
 banforge daemon # Start BanForge daemon (use systemd or another init system to create a service)
 ```
-You can edit the config file with examples in 
+You can edit the config file with examples in
 - `/etc/banforge/config.toml` main config file
- `/etc/banforge/rules.toml` ban rules
+- `/etc/banforge/rules.d/*.toml` individual rule files with actions support
+
 For more information see the [docs](https://github.com/d3m0k1d/BanForge/docs).

+## Actions
+
+BanForge supports actions that are executed after a successful IP ban:
+- **Email** - Send email notifications via SMTP
+- **Webhook** - Send HTTP requests to external services (Slack, Telegram, etc.)
+- **Script** - Execute custom scripts
+
+See [configuration docs](https://github.com/d3m0k1d/BanForge/blob/main/docs/config.md#actions) for detailed setup instructions.
+
 # License
 The project is licensed under the [GPL-3.0](https://github.com/d3m0k1d/BanForge/blob/master/LICENSE)
--- a/build/postinstall.sh
+++ b/build/postinstall.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+if command -v systemctl >/dev/null 2>&1; then
+  # for systemd based systems
+  banforge init
+  cat > /etc/systemd/system/banforge.service << 'EOF'
+[Unit]
+Description=BanForge - IPS log based system
+After=network-online.target
+Wants=network-online.target
+Documentation=https://github.com/d3m0k1d/BanForge
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/banforge daemon
+User=root
+Group=root
+Restart=always
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=banforge
+TimeoutStopSec=90
+KillSignal=SIGTERM
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  chmod 644 /etc/systemd/system/banforge.service
+  systemctl daemon-reload
+  systemctl enable banforge
+fi
+
+if command -v rc-service >/dev/null 2>&1; then
+  # for openrc based systems
+  banforge init
+  cat > /etc/init.d/banforge << 'EOF'
+#!/sbin/openrc-run
+
+description="BanForge - IPS log based system"
+command="/usr/bin/banforge"
+command_args="daemon"
+
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background="yes"
+
+depend() {
+  need net
+  after network
+}
+
+start_post() {
+  einfo "BanForge is now running"
+}
+
+stop_post() {
+  einfo "BanForge is now stopped"
+}
+EOF
+  chmod 755 /etc/init.d/banforge
+  rc-update add banforge
+fi
--- a/build/postremove.sh
+++ b/build/postremove.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if command -v systemctl >/dev/null 2>&1; then
+  # for systemd based systems
+  systemctl stop banforge 2>/dev/null || true
+  systemctl disable banforge 2>/dev/null || true
+  rm -f /etc/systemd/system/banforge.service
+  systemctl daemon-reload
+fi
+
+if command -v rc-service >/dev/null 2>&1; then
+  # for openrc based systems
+  rc-service banforge stop 2>/dev/null || true
+  rc-update del banforge 2>/dev/null || true
+  rm -f /etc/init.d/banforge
+fi
+
+rm -rf /etc/banforge/
+rm -rf /var/lib/banforge/
+rm -rf /var/log/banforge/
--- a/cmd/banforge/command/daemon.go
+++ b/cmd/banforge/command/daemon.go
@@ -5,12 +5,12 @@ import (
 	"os"
 	"os/signal"
 	"syscall"
-	"time"

 	"github.com/d3m0k1d/BanForge/internal/blocker"
 	"github.com/d3m0k1d/BanForge/internal/config"
 	"github.com/d3m0k1d/BanForge/internal/judge"
 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 	"github.com/d3m0k1d/BanForge/internal/parser"
 	"github.com/d3m0k1d/BanForge/internal/storage"
 	"github.com/spf13/cobra"
@@ -20,17 +20,38 @@ var DaemonCmd = &cobra.Command{
 	Use:   "daemon",
 	Short: "Run BanForge daemon process",
 	Run: func(cmd *cobra.Command, args []string) {
+		entryCh := make(chan *storage.LogEntry, 1000)
+		resultCh := make(chan *storage.LogEntry, 100)
 		ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGTERM, syscall.SIGINT)
 		defer stop()
 		log := logger.New(false)
 		log.Info("Starting BanForge daemon")
-		db, err := storage.NewDB()
+		reqDb_w, err := storage.NewRequestsWr()
 		if err != nil {
-			log.Error("Failed to create database", "error", err)
+			log.Error("Failed to create request writer", "error", err)
+			os.Exit(1)
+		}
+		reqDb_r, err := storage.NewRequestsRd()
+		if err != nil {
+			log.Error("Failed to create request reader", "error", err)
+			os.Exit(1)
+		}
+		banDb_r, err := storage.NewBanReader()
+		if err != nil {
+			log.Error("Failed to create ban reader", "error", err)
+			os.Exit(1)
+		}
+		banDb_w, err := storage.NewBanWriter()
+		if err != nil {
+			log.Error("Failed to create ban writter", "error", err)
 			os.Exit(1)
 		}
 		defer func() {
-			err = db.Close()
+			err = banDb_r.Close()
+			if err != nil {
+				log.Error("Failed to close database connection", "error", err)
+			}
+			err = banDb_w.Close()
 			if err != nil {
 				log.Error("Failed to close database connection", "error", err)
 			}
@@ -40,6 +61,14 @@ var DaemonCmd = &cobra.Command{
 			log.Error("Failed to load config", "error", err)
 			os.Exit(1)
 		}
+
+		if cfg.Metrics.Enabled {
+			go func() {
+				if err := metrics.StartMetricsServer(cfg.Metrics.Port); err != nil {
+					log.Error("Failed to start metrics server", "error", err)
+				}
+			}()
+		}
 		var b blocker.BlockerEngine
 		fw := cfg.Firewall.Name
 		b = blocker.GetBlocker(fw, cfg.Firewall.Config)
@@ -48,19 +77,11 @@ var DaemonCmd = &cobra.Command{
 			log.Error("Failed to load rules", "error", err)
 			os.Exit(1)
 		}
-		j := judge.New(db, b)
+		j := judge.New(banDb_r, banDb_w, reqDb_r, b, resultCh, entryCh)
 		j.LoadRules(r)
 		go j.UnbanChecker()
-		go func() {
-			ticker := time.NewTicker(5 * time.Second)
-			defer ticker.Stop()
-			for range ticker.C {
-				if err := j.ProcessUnviewed(); err != nil {
-					log.Error("Failed to process unviewed", "error", err)
-				}
-			}
-		}()
-
+		go j.Tribunal()
+		go storage.WriteReq(reqDb_w, resultCh)
 		var scanners []*parser.Scanner

 		for _, svc := range cfg.Service {
@@ -98,16 +119,17 @@ var DaemonCmd = &cobra.Command{
 					if svc.Name == "nginx" {
 						log.Info("Starting nginx parser", "service", serviceName)
 						ng := parser.NewNginxParser()
-						resultCh := make(chan *storage.LogEntry, 100)
-						ng.Parse(p.Events(), resultCh)
-						go storage.Write(db, resultCh)
+						ng.Parse(p.Events(), entryCh)
 					}
 					if svc.Name == "ssh" {
 						log.Info("Starting ssh parser", "service", serviceName)
 						ssh := parser.NewSshdParser()
-						resultCh := make(chan *storage.LogEntry, 100)
-						ssh.Parse(p.Events(), resultCh)
-						go storage.Write(db, resultCh)
+						ssh.Parse(p.Events(), entryCh)
+					}
+					if svc.Name == "apache" {
+						log.Info("Starting apache parser", "service", serviceName)
+						ap := parser.NewApacheParser()
+						ap.Parse(p.Events(), entryCh)
 					}
 				}(pars, svc.Name)
 				continue
@@ -128,16 +150,18 @@ var DaemonCmd = &cobra.Command{
 					if svc.Name == "nginx" {
 						log.Info("Starting nginx parser", "service", serviceName)
 						ng := parser.NewNginxParser()
-						resultCh := make(chan *storage.LogEntry, 100)
-						ng.Parse(p.Events(), resultCh)
-						go storage.Write(db, resultCh)
+						ng.Parse(p.Events(), entryCh)
+
 					}
 					if svc.Name == "ssh" {
 						log.Info("Starting ssh parser", "service", serviceName)
 						ssh := parser.NewSshdParser()
-						resultCh := make(chan *storage.LogEntry, 100)
-						ssh.Parse(p.Events(), resultCh)
-						go storage.Write(db, resultCh)
+						ssh.Parse(p.Events(), entryCh)
+					}
+					if svc.Name == "apache" {
+						log.Info("Starting apache parser", "service", serviceName)
+						ap := parser.NewApacheParser()
+						ap.Parse(p.Events(), entryCh)
 					}

 				}(pars, svc.Name)
--- a/cmd/banforge/command/fw.go
+++ b/cmd/banforge/command/fw.go
@@ -7,41 +7,62 @@ import (

 	"github.com/d3m0k1d/BanForge/internal/blocker"
 	"github.com/d3m0k1d/BanForge/internal/config"
+	"github.com/d3m0k1d/BanForge/internal/storage"
 	"github.com/spf13/cobra"
 )

 var (
-	ip string
+	ttl_fw   string
+	port     int
+	protocol string
 )
+
 var UnbanCmd = &cobra.Command{
 	Use:   "unban",
 	Short: "Unban IP",
 	Run: func(cmd *cobra.Command, args []string) {
-		cfg, err := config.LoadConfig()
+		err := func() error {
+			if len(args) == 0 {
+				return fmt.Errorf("IP can't be empty")
+			}
+			if ttl_fw == "" {
+				ttl_fw = "1y"
+			}
+			ip := args[0]
+			db, err := storage.NewBanWriter()
+			if err != nil {
+				return err
+			}
+			cfg, err := config.LoadConfig()
+			if err != nil {
+				return err
+			}
+			fw := cfg.Firewall.Name
+			b := blocker.GetBlocker(fw, cfg.Firewall.Config)
+			if ip == "" {
+				return fmt.Errorf("IP can't be empty")
+			}
+			if net.ParseIP(ip) == nil {
+				return fmt.Errorf("invalid IP")
+			}
+			if err != nil {
+				return err
+			}
+			err = b.Unban(ip)
+			if err != nil {
+				return err
+			}
+			err = db.RemoveBan(ip)
+			if err != nil {
+				return err
+			}
+			fmt.Println("IP unblocked successfully!")
+			return nil
+		}()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fw := cfg.Firewall.Name
-		b := blocker.GetBlocker(fw, cfg.Firewall.Config)
-		if ip == "" {
-			fmt.Println("IP can't be empty")
-			os.Exit(1)
-		}
-		if net.ParseIP(ip) == nil {
-			fmt.Println("Invalid IP")
-			os.Exit(1)
-		}
-		if err != nil {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-		err = b.Unban(ip)
-		if err != nil {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-		fmt.Println("IP unblocked successfully!")
 	},
 }

@@ -49,7 +70,64 @@ var BanCmd = &cobra.Command{
 	Use:   "ban",
 	Short: "Ban IP",
 	Run: func(cmd *cobra.Command, args []string) {
+		err := func() error {
+			if len(args) == 0 {
+				return fmt.Errorf("IP can't be empty")
+			}
+			if ttl_fw == "" {
+				ttl_fw = "1y"
+			}
+			ip := args[0]
+			db, err := storage.NewBanWriter()
+			if err != nil {
+				return err
+			}
+			cfg, err := config.LoadConfig()
+			if err != nil {
+				return err
+			}
+			fw := cfg.Firewall.Name
+			b := blocker.GetBlocker(fw, cfg.Firewall.Config)
+			if ip == "" {
+				return fmt.Errorf("IP can't be empty")
+			}
+			if net.ParseIP(ip) == nil {
+				return fmt.Errorf("invalid IP")
+			}
+			if err != nil {
+				return err
+			}
+			err = b.Ban(ip)
+			if err != nil {
+				return err
+			}
+			err = db.AddBan(ip, ttl_fw, "manual ban")
+			if err != nil {
+				return err
+			}
+			fmt.Println("IP blocked successfully!")
+			return nil
+		}()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	},
+}

+var PortCmd = &cobra.Command{
+	Use:   "port",
+	Short: "Ports commands",
+}
+
+var PortOpenCmd = &cobra.Command{
+	Use:   "open",
+	Short: "Open ports on firewall",
+	Run: func(cmd *cobra.Command, args []string) {
+		if protocol == "" {
+			fmt.Println("Protocol can't be empty")
+			os.Exit(1)
+		}
 		cfg, err := config.LoadConfig()
 		if err != nil {
 			fmt.Println(err)
@@ -57,28 +135,45 @@ var BanCmd = &cobra.Command{
 		}
 		fw := cfg.Firewall.Name
 		b := blocker.GetBlocker(fw, cfg.Firewall.Config)
-		if ip == "" {
-			fmt.Println("IP can't be empty")
-			os.Exit(1)
-		}
-		if net.ParseIP(ip) == nil {
-			fmt.Println("Invalid IP")
-			os.Exit(1)
-		}
+		err = b.PortOpen(port, protocol)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		err = b.Ban(ip)
+		fmt.Println("Port opened successfully!")
+	},
+}
+
+var PortCloseCmd = &cobra.Command{
+	Use:   "close",
+	Short: "Close ports on firewall",
+	Run: func(cmd *cobra.Command, args []string) {
+		if protocol == "" {
+			fmt.Println("Protocol can't be empty")
+			os.Exit(1)
+		}
+		cfg, err := config.LoadConfig()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fmt.Println("IP unblocked successfully!")
+		fw := cfg.Firewall.Name
+		b := blocker.GetBlocker(fw, cfg.Firewall.Config)
+		err = b.PortClose(port, protocol)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println("Port closed successfully!")
 	},
 }

 func FwRegister() {
-	BanCmd.Flags().StringVarP(&ip, "ip", "i", "", "ip to ban")
-	UnbanCmd.Flags().StringVarP(&ip, "ip", "i", "", "ip to unban")
+	BanCmd.Flags().StringVarP(&ttl_fw, "ttl", "t", "", "ban time")
+	PortCmd.AddCommand(PortOpenCmd)
+	PortCmd.AddCommand(PortCloseCmd)
+	PortOpenCmd.Flags().IntVarP(&port, "port", "p", 0, "port number")
+	PortOpenCmd.Flags().StringVarP(&protocol, "protocol", "c", "", "protocol")
+	PortCloseCmd.Flags().IntVarP(&port, "port", "p", 0, "port number")
+	PortCloseCmd.Flags().StringVarP(&protocol, "protocol", "c", "", "protocol")
 }
--- a/cmd/banforge/command/init.go
+++ b/cmd/banforge/command/init.go
@@ -16,53 +16,11 @@ var InitCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("Initializing BanForge...")

-		if _, err := os.Stat("/var/log/banforge"); err == nil {
-			fmt.Println("/var/log/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/var/log/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /var/log/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-		if _, err := os.Stat("/var/lib/banforge"); err == nil {
-			fmt.Println("/var/lib/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/var/lib/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /var/lib/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-
-		if _, err := os.Stat("/etc/banforge"); err == nil {
-			fmt.Println("/etc/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/etc/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /etc/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-
 		err := config.CreateConf()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fmt.Println("Config created")

 		err = config.FindFirewall()
 		if err != nil {
@@ -82,23 +40,11 @@ var InitCmd = &cobra.Command{
 		}
 		fmt.Println("Firewall configured")

-		db, err := storage.NewDB()
+		err = storage.CreateTables()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		err = db.CreateTable()
-		if err != nil {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-		defer func() {
-			err = db.Close()
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-		}()
 		fmt.Println("Firewall detected and configured")

 		fmt.Println("BanForge initialized successfully!")
--- a/cmd/banforge/command/list.go
+++ b/cmd/banforge/command/list.go
@@ -13,7 +13,7 @@ var BanListCmd = &cobra.Command{
 	Short: "List banned IP adresses",
 	Run: func(cmd *cobra.Command, args []string) {
 		var log = logger.New(false)
-		d, err := storage.NewDB()
+		d, err := storage.NewBanReader()
 		if err != nil {
 			log.Error("Failed to create database", "error", err)
 			os.Exit(1)
--- a/cmd/banforge/command/rule.go
+++ b/cmd/banforge/command/rule.go
@@ -3,18 +3,22 @@ package command
 import (
 	"fmt"
 	"os"
+	"path/filepath"

 	"github.com/d3m0k1d/BanForge/internal/config"
+	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/spf13/cobra"
 )

 var (
-	name    string
-	service string
-	path    string
-	status  string
-	method  string
-	ttl     string
+	name     string
+	service  string
+	path     string
+	status   string
+	method   string
+	ttl      string
+	maxRetry int
+	editName string
 )

 var RuleCmd = &cobra.Command{
@@ -24,24 +28,25 @@ var RuleCmd = &cobra.Command{

 var AddCmd = &cobra.Command{
 	Use:   "add",
-	Short: "CLI interface for add new rule to file /etc/banforge/rules.toml",
+	Short: "Add a new rule to /etc/banforge/rules.d/",
+	Long:  "Creates a new rule file in /etc/banforge/rules.d/<name>.toml",
 	Run: func(cmd *cobra.Command, args []string) {
 		if name == "" {
-			fmt.Printf("Rule name can't be empty\n")
+			fmt.Println("Rule name can't be empty (use -n flag)")
 			os.Exit(1)
 		}
 		if service == "" {
-			fmt.Printf("Service name can't be empty\n")
+			fmt.Println("Service name can't be empty (use -s flag)")
 			os.Exit(1)
 		}
 		if path == "" && status == "" && method == "" {
-			fmt.Printf("At least 1 rule field must be filled in.")
+			fmt.Println("At least one rule field must be filled: path, status, or method")
 			os.Exit(1)
 		}
 		if ttl == "" {
 			ttl = "1y"
 		}
-		err := config.NewRule(name, service, path, status, method, ttl)
+		err := config.NewRule(name, service, path, status, method, ttl, maxRetry)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
@@ -50,35 +55,103 @@ var AddCmd = &cobra.Command{
 	},
 }

-var ListCmd = &cobra.Command{
-	Use:   "list",
-	Short: "List rules",
+var EditCmd = &cobra.Command{
+	Use:   "edit",
+	Short: "Edit an existing rule",
+	Long:  "Edit rule fields by name. Only specified fields will be updated.",
 	Run: func(cmd *cobra.Command, args []string) {
-		r, err := config.LoadRuleConfig()
+		if editName == "" {
+			fmt.Println("Rule name is required (use -n flag)")
+			os.Exit(1)
+		}
+		if service == "" && path == "" && status == "" && method == "" {
+			fmt.Println("At least one field must be specified to edit: -s, -p, -c, or -m")
+			os.Exit(1)
+		}
+		err := config.EditRule(editName, service, path, status, method)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		for _, rule := range r {
-			fmt.Printf(
-				"Name: %s\nService: %s\nPath: %s\nStatus: %s\nMethod: %s\n\n",
+		fmt.Println("Rule updated successfully!")
+	},
+}
+
+var RemoveCmd = &cobra.Command{
+	Use:   "remove <name>",
+	Short: "Remove a rule by name",
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		ruleName := args[0]
+		fileName := config.SanitizeRuleFilename(ruleName) + ".toml"
+		filePath := filepath.Join("/etc/banforge/rules.d", fileName)
+
+		if _, err := os.Stat(filePath); os.IsNotExist(err) {
+			fmt.Printf("Rule '%s' not found\n", ruleName)
+			os.Exit(1)
+		}
+
+		if err := os.Remove(filePath); err != nil {
+			fmt.Printf("Failed to remove rule: %v\n", err)
+			os.Exit(1)
+		}
+		fmt.Printf("Rule '%s' removed successfully\n", ruleName)
+	},
+}
+
+var ListCmd = &cobra.Command{
+	Use:   "list",
+	Short: "List all rules",
+	Run: func(cmd *cobra.Command, args []string) {
+		rules, err := config.LoadRuleConfig()
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		if len(rules) == 0 {
+			fmt.Println("No rules found")
+			return
+		}
+
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{
+			"Name", "Service", "Path", "Status", "Method", "MaxRetry", "BanTime",
+		})
+
+		for _, rule := range rules {
+			t.AppendRow(table.Row{
 				rule.Name,
 				rule.ServiceName,
 				rule.Path,
 				rule.Status,
 				rule.Method,
-			)
+				rule.MaxRetry,
+				rule.BanTime,
+			})
 		}
+		t.Render()
 	},
 }

 func RuleRegister() {
 	RuleCmd.AddCommand(AddCmd)
+	RuleCmd.AddCommand(EditCmd)
+	RuleCmd.AddCommand(RemoveCmd)
 	RuleCmd.AddCommand(ListCmd)
+
 	AddCmd.Flags().StringVarP(&name, "name", "n", "", "rule name (required)")
-	AddCmd.Flags().StringVarP(&service, "service", "s", "", "service name")
+	AddCmd.Flags().StringVarP(&service, "service", "s", "", "service name (required)")
 	AddCmd.Flags().StringVarP(&path, "path", "p", "", "request path")
 	AddCmd.Flags().StringVarP(&status, "status", "c", "", "status code")
-	AddCmd.Flags().StringVarP(&method, "method", "m", "", "method")
-	AddCmd.Flags().StringVarP(&ttl, "ttl", "t", "", "ban time")
+	AddCmd.Flags().StringVarP(&method, "method", "m", "", "HTTP method")
+	AddCmd.Flags().StringVarP(&ttl, "ttl", "t", "", "ban time (e.g., 1h, 1d, 1y)")
+	AddCmd.Flags().IntVarP(&maxRetry, "max_retry", "r", 0, "max retry before ban")
+
+	EditCmd.Flags().StringVarP(&editName, "name", "n", "", "rule name to edit (required)")
+	EditCmd.Flags().StringVarP(&service, "service", "s", "", "new service name")
+	EditCmd.Flags().StringVarP(&path, "path", "p", "", "new path")
+	EditCmd.Flags().StringVarP(&status, "status", "c", "", "new status code")
+	EditCmd.Flags().StringVarP(&method, "method", "m", "", "new HTTP method")
 }
--- a/cmd/banforge/command/version.go
+++ b/cmd/banforge/command/version.go
@@ -0,0 +1,17 @@
+package command
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+)
+
+var version = "0.5.2"
+
+var VersionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "BanForge version",
+	Run: func(cmd *cobra.Command, args []string) {
+		fmt.Println("BanForge version:", version)
+	},
+}
--- a/cmd/banforge/main.go
+++ b/cmd/banforge/main.go
@@ -13,7 +13,6 @@ var rootCmd = &cobra.Command{
 	Use:   "banforge",
 	Short: "IPS log-based written on Golang",
 	Run: func(cmd *cobra.Command, args []string) {
-
 	},
 }

@@ -28,6 +27,8 @@ func Execute() {
 	rootCmd.AddCommand(command.BanCmd)
 	rootCmd.AddCommand(command.UnbanCmd)
 	rootCmd.AddCommand(command.BanListCmd)
+	rootCmd.AddCommand(command.VersionCmd)
+	rootCmd.AddCommand(command.PortCmd)
 	command.RuleRegister()
 	command.FwRegister()
 	if err := rootCmd.Execute(); err != nil {
--- a/docs/cli.md
+++ b/docs/cli.md
@@ -1,61 +1,226 @@
 # CLI commands BanForge
-BanForge provides a command-line interface (CLI) to manage IP blocking, 
+
+BanForge provides a command-line interface (CLI) to manage IP blocking,
 configure detection rules, and control the daemon process.
+
 ## Commands
-### init - create a deps file
+
+### init - Create configuration files

 ```shell
 banforge init
 ```

-**Description**
-This command creates the necessary directories and base configuration files 
-required for the daemon to operate.
+**Description**  
+This command creates the necessary directories and base configuration files
+required for the daemon to operate:
+- `/etc/banforge/config.toml` — main configuration
+- `/etc/banforge/rules.toml` — default rules file
+- `/etc/banforge/rules.d/` — directory for individual rule files
+
+---
+
+### version - Display BanForge version
+
+```shell
+banforge version
+```
+
+**Description**  
+This command displays the current version of the BanForge software.
+
+---
+
 ### daemon - Starts the BanForge daemon process

 ```shell
 banforge daemon
 ```

-**Description**
-This command starts the BanForge daemon process in the background. 
-The daemon continuously monitors incoming requests, detects anomalies, 
+**Description**  
+This command starts the BanForge daemon process in the background.
+The daemon continuously monitors incoming requests, detects anomalies,
 and applies firewall rules in real-time.

+---
+
 ### firewall - Manages firewall rules
+
 ```shell
 banforge ban <ip>
 banforge unban <ip>
 ```

-**Description**
+**Description**  
 These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.

-### list - Lists the IP addresses that are currently blocked
+| Flag        | Description                    |
+| ----------- | ------------------------------ |
+| `-t`, `-ttl` | Ban duration (default: 1 year) |
+
+**Examples:**
+```bash
+# Ban IP for 1 hour
+banforge ban 192.168.1.100 -t 1h
+
+# Unban IP
+banforge unban 192.168.1.100
+```
+
+---
+
+### ports - Open and close ports on firewall
+
+```shell
+banforge open -port <port> -protocol <protocol>
+banforge close -port <port> -protocol <protocol>
+```
+
+**Description**  
+These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.
+
+| Flag          | Required | Description              |
+| ------------- | -------- | ------------------------ |
+| `-port`       | +        | Port number (e.g., 80)   |
+| `-protocol`   | +        | Protocol (tcp/udp)       |
+
+**Examples:**
+```bash
+# Open port 80 for TCP
+banforge open -port 80 -protocol tcp
+
+# Close port 443
+banforge close -port 443 -protocol tcp
+```
+
+---
+
+### list - List blocked IP addresses
+
 ```shell
 banforge list
 ```

-**Description**
-This command output table of IP addresses that are currently blocked
+**Description**  
+This command outputs a table of IP addresses that are currently blocked.

-### rule - Manages detection rules
+---
+
+### rule - Manage detection rules
+
+Rules are stored in `/etc/banforge/rules.d/` as individual `.toml` files.
+
+#### Add a new rule

 ```shell
-banforge rule add -n rule.name -c 403
-banforge rule list 
+banforge rule add -n <name> -s <service> [options]
 ```

-**Description**
-These command help you to create and manage detection rules in CLI interface.
+**Flags:**

-| Flag        | Required |
-| ----------- | -------- |
-| -n -name    | +        |
-| -s -service | +        |
-| -p -path    | -        |
-| -m -method  | -        |
-| -c -status  | -        |
-| -t -ttl     | -(if not used default ban 1 year)        |
+| Flag                | Required | Description                              |
+| ------------------- | -------- | ---------------------------------------- |
+| `-n`, `--name`      | +        | Rule name (used as filename)             |
+| `-s`, `--service`   | +        | Service name (nginx, apache, ssh, etc.)  |
+| `-p`, `--path`      | -        | Request path to match                    |
+| `-m`, `--method`    | -        | HTTP method (GET, POST, etc.)            |
+| `-c`, `--status`    | -        | HTTP status code (403, 404, etc.)        |
+| `-t`, `--ttl`       | -        | Ban duration (default: 1y)               |
+| `-r`, `--max_retry` | -        | Max retries before ban (default: 0)      |

-You must specify at least 1 of the optional flags to create a rule.
+**Note:** At least one of `-p`, `-m`, or `-c` must be specified.
+
+**Examples:**
+```bash
+# Ban on 403 status
+banforge rule add -n "Forbidden" -s nginx -c 403 -t 30m
+
+# Ban on path pattern
+banforge rule add -n "Admin Access" -s nginx -p "/admin/*" -t 2h -r 3
+
+# SSH brute force protection
+banforge rule add -n "SSH Bruteforce" -s ssh -c "Failed" -t 1h -r 5
+```
+
+---
+
+#### List all rules
+
+```shell
+banforge rule list
+```
+
+**Description**  
+Displays all configured rules in a table format.
+
+**Example output:**
+```
+------------------+---------+--------+--------+--------+----------+---------+
+| NAME             | SERVICE | PATH   | STATUS | METHOD | MAXRETRY | BANTIME |
+------------------+---------+--------+--------+--------+----------+---------+
+| SSH Bruteforce   | ssh     |        | Failed |        | 5        | 1h      |
+| Nginx 404        | nginx   |        | 404    |        | 3        | 30m     |
+| Admin Panel      | nginx   | /admin |        |        | 2        | 2h      |
+------------------+---------+--------+--------+--------+----------+---------+
+```
+
+---
+
+#### Edit an existing rule
+
+```shell
+banforge rule edit -n <name> [options]
+```
+
+**Description**  
+Edit fields of an existing rule. Only specified fields will be updated.
+
+| Flag                | Required | Description                     |
+| ------------------- | -------- | ------------------------------- |
+| `-n`, `--name`      | +        | Rule name to edit               |
+| `-s`, `--service`   | -        | New service name                |
+| `-p`, `--path`      | -        | New path                        |
+| `-m`, `--method`    | -        | New method                      |
+| `-c`, `--status`    | -        | New status code                 |
+
+**Examples:**
+```bash
+# Update ban time for existing rule
+banforge rule edit -n "SSH Bruteforce" -t 2h
+
+# Change status code
+banforge rule edit -n "Forbidden" -c 403
+```
+
+---
+
+#### Remove a rule
+
+```shell
+banforge rule remove <name>
+```
+
+**Description**  
+Permanently delete a rule by name.
+
+**Example:**
+```bash
+banforge rule remove "Old Rule"
+```
+
+---
+
+## Ban time format
+
+Use the following suffixes for ban duration:
+
+| Suffix | Duration |
+| ------ | -------- |
+| `s`    | Seconds  |
+| `m`    | Minutes  |
+| `h`    | Hours    |
+| `d`    | Days     |
+| `M`    | Months (30 days) |
+| `y`    | Years (365 days) |
+
+**Examples:** `30s`, `5m`, `2h`, `1d`, `1M`, `1y`
--- a/docs/config.md
+++ b/docs/config.md
@@ -40,9 +40,132 @@ Example:
  service = "nginx"
  path = ""
  status = "304"
+  max_retry = 3
  method = ""
  ban_time = "1m"
+
+  # Actions are executed after successful ban
+  [[rule.action]]
+    type = "email"
+    enabled = true
+    email = "admin@example.com"
+    email_sender = "banforge@example.com"
+    email_subject = "BanForge Alert: IP Banned"
+    smtp_host = "smtp.example.com"
+    smtp_port = 587
+    smtp_user = "user@example.com"
+    smtp_password = "password"
+    smtp_tls = true
+    body = "IP {ip} has been banned for rule {rule}"
+
+  [[rule.action]]
+    type = "webhook"
+    enabled = true
+    url = "https://hooks.example.com/alert"
+    method = "POST"
+    headers = { "Content-Type" = "application/json", "Authorization" = "Bearer token" }
+    body = "{\"ip\": \"{ip}\", \"rule\": \"{rule}\", \"service\": \"{service}\"}"
+
+  [[rule.action]]
+    type = "script"
+    enabled = true
+    script = "/usr/local/bin/notify.sh"
+    interpretator = "bash"
 ```
 **Description**
 The [[rule]] section require name and one of the following parameters: service, path, status, method. To add a rule, create a [[rule]] block and specify the parameters.
-ban_time require in format "1m", "1h", "1d", "1M", "1y"
+ban_time require in format "1m", "1h", "1d", "1M", "1y".
+If you want to ban all requests to PHP files (e.g., path = "*.php") or requests to the admin panel (e.g., path = "/admin/*").
+If max_retry = 0 ban on first request.
+
+## Actions
+
+Actions are executed after a successful IP ban. You can configure multiple actions per rule.
+
+### Action Types
+
+#### 1. Email Notification
+
+Send email alerts when an IP is banned.
+
+```toml
+[[rule.action]]
+  type = "email"
+  enabled = true
+  email = "admin@example.com"
+  email_sender = "banforge@example.com"
+  email_subject = "BanForge Alert"
+  smtp_host = "smtp.example.com"
+  smtp_port = 587
+  smtp_user = "user@example.com"
+  smtp_password = "password"
+  smtp_tls = true
+  body = "IP {ip} has been banned"
+```
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `type` | + | Must be "email" |
+| `enabled` | + | Enable/disable this action |
+| `email` | + | Recipient email address |
+| `email_sender` | + | Sender email address |
+| `email_subject` | - | Email subject (default: "BanForge Alert") |
+| `smtp_host` | + | SMTP server host |
+| `smtp_port` | + | SMTP server port |
+| `smtp_user` | + | SMTP username |
+| `smtp_password` | + | SMTP password |
+| `smtp_tls` | - | Use TLS connection (default: false) |
+| `body` | - | Email body text |
+
+#### 2. Webhook Notification
+
+Send HTTP webhook requests when an IP is banned.
+
+```toml
+[[rule.action]]
+  type = "webhook"
+  enabled = true
+  url = "https://hooks.example.com/alert"
+  method = "POST"
+  headers = { "Content-Type" = "application/json", "Authorization" = "Bearer token" }
+  body = "{\"ip\": \"{ip}\", \"rule\": \"{rule}\"}"
+```
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `type` | + | Must be "webhook" |
+| `enabled` | + | Enable/disable this action |
+| `url` | + | Webhook URL |
+| `method` | - | HTTP method (default: "POST") |
+| `headers` | - | HTTP headers as key-value pairs |
+| `body` | - | Request body (supports variables) |
+
+#### 3. Script Execution
+
+Execute a custom script when an IP is banned.
+
+```toml
+[[rule.action]]
+  type = "script"
+  enabled = true
+  script = "/usr/local/bin/notify.sh"
+  interpretator = "bash"
+```
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `type` | + | Must be "script" |
+| `enabled` | + | Enable/disable this action |
+| `script` | + | Path to script file |
+| `interpretator` | - | Script interpretator (e.g., "bash", "python"). If empty, script runs directly |
+
+### Variables
+
+The following variables can be used in `body` fields (email, webhook):
+
+| Variable | Description |
+|----------|-------------|
+| `{ip}` | Banned IP address |
+| `{rule}` | Rule name that triggered the ban |
+| `{service}` | Service name |
+| `{ban_time}` | Ban duration |
--- a/docs/man/banforge.1
+++ b/docs/man/banforge.1
@@ -0,0 +1,251 @@
+.TH BANFORGE 1 "24 February 2026" "BanForge 1.0"
+.
+.SH NAME
+banforge \- BanForge IPS utility for Linux
+.
+.SH SYNOPSIS
+.B banforge
+[\fIOPTIONS\fR] \fICOMMAND\fR [\fIARGUMENTS\fR]
+.
+.SH DESCRIPTION
+BanForge is an Intrusion Prevention System (IPS) utility for Linux.
+It monitors service logs, detects anomalies and malicious activity,
+and automatically applies firewall rules to block suspicious IP addresses.
+.
+.PP
+The program consists of two components:
+.RS
+.IP \(bu 2
+\fBbanforge\fR \- CLI utility for management
+.IP \(bu 2
+\fBbanforge daemon\fR \- background service for real-time monitoring
+.RE
+.
+.SH COMMANDS
+.
+.SS init \- Create configuration files
+.PP
+\fBbanforge init\fR
+.PP
+Creates the necessary directories and base configuration files:
+.RS
+.IP \(bu 2
+\fI/etc/banforge/config.toml\fR \- main configuration
+.IP \(bu 2
+\fI/etc/banforge/rules.toml\fR \- default rules file
+.IP \(bu 2
+\fI/etc/banforge/rules.d/\fR \- directory for individual rule files
+.RE
+.
+.SS version \- Display BanForge version
+.PP
+\fBbanforge version\fR
+.PP
+Displays the current version of the BanForge software.
+.
+.SS daemon \- Start the BanForge daemon
+.PP
+\fBbanforge daemon\fR
+.PP
+Starts the BanForge daemon process in the background.
+The daemon continuously monitors incoming requests, detects anomalies,
+and applies firewall rules in real-time.
+.
+.SS firewall \- Manage firewall rules
+.PP
+\fBbanforge ban\fR \fI<ip>\fR [\fIOPTIONS\fR]
+.br
+\fBbanforge unban\fR \fI<ip>\fR
+.PP
+These commands provide an abstraction over your firewall.
+.PP
+\fBoptions:\fR
+.RS
+.IP \(bu 2
+\fB-t\fR, \fB--ttl\fR \- Ban duration (default: 1 year)
+.RE
+.PP
+\fBExamples:\fR
+.RS
+.IP \(bu 2
+\fBbanforge ban 192.168.1.100 -t 1h\fR \- Ban IP for 1 hour
+.IP \(bu 2
+\fBbanforge unban 192.168.1.100\fR \- Unban IP
+.RE
+.
+.SS ports \- Manage firewall ports
+.PP
+\fBbanforge open\fR \fB-port\fR \fI<port>\fR \fB-protocol\fR \fI<protocol>\fR
+.br
+\fBbanforge close\fR \fB-port\fR \fI<port>\fR \fB-protocol\fR \fI<protocol>\fR
+.PP
+Open or close ports on the firewall.
+.PP
+\fBflags:\fR
+.RS
+.IP \(bu 2
+\fB-port\fR \- Port number (e.g., 80) \fI(required)\fR
+.IP \(bu 2
+\fB-protocol\fR \- Protocol (tcp/udp) \fI(required)\fR
+.RE
+.PP
+\fBExamples:\fR
+.RS
+.IP \(bu 2
+\fBbanforge open -port 80 -protocol tcp\fR
+.IP \(bu 2
+\fBbanforge close -port 443 -protocol tcp\fR
+.RE
+.
+.SS list \- List blocked IP addresses
+.PP
+\fBbanforge list\fR
+.PP
+Outputs a table of IP addresses that are currently blocked.
+.
+.SS rule \- Manage detection rules
+.PP
+Rules are stored in \fI/etc/banforge/rules.d/\fR as individual \fI.toml\fR files.
+.
+.SS "rule add \- Add a new rule"
+.PP
+\fBbanforge rule add\fR \fB-n\fR \fI<name>\fR \fB-s\fR \fI<service>\fR [\fIOPTIONS\fR]
+.PP
+\fBflags:\fR
+.RS
+.IP \(bu 2
+\fB-n\fR, \fB--name\fR \- Rule name (used as filename) \fI(required)\fR
+.IP \(bu 2
+\fB-s\fR, \fB--service\fR \- Service name (nginx, apache, ssh, etc.) \fI(required)\fR
+.IP \(bu 2
+\fB-p\fR, \fB--path\fR \- Request path to match
+.IP \(bu 2
+\fB-m\fR, \fB--method\fR \- HTTP method (GET, POST, etc.)
+.IP \(bu 2
+\fB-c\fR, \fB--status\fR \- HTTP status code (403, 404, etc.)
+.IP \(bu 2
+\fB-t\fR, \fB--ttl\fR \- Ban duration (default: 1y)
+.IP \(bu 2
+\fB-r\fR, \fB--max_retry\fR \- Max retries before ban (default: 0)
+.RE
+.PP
+\fBNote:\fR At least one of \fB-p\fR, \fB-m\fR, or \fB-c\fR must be specified.
+.PP
+\fBExamples:\fR
+.RS
+.IP \(bu 2
+\fBbanforge rule add -n "Forbidden" -s nginx -c 403 -t 30m\fR
+.IP \(bu 2
+\fBbanforge rule add -n "Admin Access" -s nginx -p "/admin/*" -t 2h -r 3\fR
+.IP \(bu 2
+\fBbanforge rule add -n "SSH Bruteforce" -s ssh -c "Failed" -t 1h -r 5\fR
+.RE
+.
+.SS "rule list \- List all rules"
+.PP
+\fBbanforge rule list\fR
+.PP
+Displays all configured rules in a table format.
+.
+.SS "rule edit \- Edit an existing rule"
+.PP
+\fBbanforge rule edit\fR \fB-n\fR \fI<name>\fR [\fIOPTIONS\fR]
+.PP
+Edit fields of an existing rule. Only specified fields will be updated.
+.PP
+\fBflags:\fR
+.RS
+.IP \(bu 2
+\fB-n\fR, \fB--name\fR \- Rule name to edit \fI(required)\fR
+.IP \(bu 2
+\fB-s\fR, \fB--service\fR \- New service name
+.IP \(bu 2
+\fB-p\fR, \fB--path\fR \- New path
+.IP \(bu 2
+\fB-m\fR, \fB--method\fR \- New method
+.IP \(bu 2
+\fB-c\fR, \fB--status\fR \- New status code
+.RE
+.PP
+\fBExamples:\fR
+.RS
+.IP \(bu 2
+\fBbanforge rule edit -n "SSH Bruteforce" -t 2h\fR
+.IP \(bu 2
+\fBbanforge rule edit -n "Forbidden" -c 403\fR
+.RE
+.
+.SS "rule remove \- Remove a rule"
+.PP
+\fBbanforge rule remove\fR \fI<name>\fR
+.PP
+Permanently delete a rule by name.
+.PP
+\fBExample:\fR \fBbanforge rule remove "Old Rule"\fR
+.
+.SH "BAN TIME FORMAT"
+.PP
+Use the following suffixes for ban duration:
+.RS
+.IP \(bu 2
+\fBs\fR \- Seconds
+.IP \(bu 2
+\fBm\fR \- Minutes
+.IP \(bu 2
+\fBh\fR \- Hours
+.IP \(bu 2
+\fBd\fR \- Days
+.IP \(bu 2
+\fBM\fR \- Months (30 days)
+.IP \(bu 2
+\fBy\fR \- Years (365 days)
+.RE
+.PP
+\fBExamples:\fR 30s, 5m, 2h, 1d, 1M, 1y
+.
+.SH "CONFIGURATION FILES"
+.PP
+Configuration files are stored in \fI/etc/banforge/\fR:
+.RS
+.IP \(bu 2
+\fIconfig.toml\fR \- main daemon configuration
+.IP \(bu 2
+\fIrules.toml\fR \- default rules
+.IP \(bu 2
+\fIrules.d/*.toml\fR \- individual rule files
+.RE
+.PP
+See \fBbanforge(5)\fR for configuration file format details including actions setup.
+.
+.SH "EXIT STATUS"
+.PP
+\fB0\fR \- Success
+.br
+\fB1\fR \- General error
+.br
+\fB2\fR \- Configuration error
+.
+.SH EXAMPLES
+.PP
+.RS
+.IP \(bu 2
+Initialize configuration: \fBbanforge init\fR
+.IP \(bu 2
+Start daemon: \fBbanforge daemon\fR
+.IP \(bu 2
+Ban an IP: \fBbanforge ban 192.168.1.100 -t 1h\fR
+.IP \(bu 2
+Add a rule: \fBbanforge rule add -n "404" -s nginx -c 404 -t 30m\fR
+.IP \(bu 2
+List blocked IPs: \fBbanforge list\fR
+.RE
+.
+.SH "SEE ALSO"
+.BR iptables (8),
+.BR nftables (8),
+.BR fail2ban (1),
+.BR nginx (8)
+.
+.SH AUTHOR
+.PP
+Ilya "d3m0k1d" Chernishev contact@d3m0k1d.ru
--- a/docs/man/banforge.5
+++ b/docs/man/banforge.5
@@ -0,0 +1,405 @@
+.TH BANFORGE 5 "24 February 2026" "BanForge 1.0"
+.
+.SH NAME
+banforge \- BanForge configuration file format
+.
+.SH DESCRIPTION
+BanForge uses TOML configuration files stored in \fI/etc/banforge/\fR:
+.RS
+.IP \(bu 2
+\fIconfig.toml\fR \- main daemon configuration
+.IP \(bu 2
+\fIrules.toml\fR \- default rules (legacy)
+.IP \(bu 2
+\fIrules.d/*.toml\fR \- individual rule files (recommended)
+.RE
+.
+.SH "CONFIG.TOML FORMAT"
+.PP
+Main configuration file for BanForge daemon.
+.PP
+\fBStructure:\fR
+.RS
+.IP \(bu 2
+\fB[firewall]\fR \- firewall parameters
+.IP \(bu 2
+\fB[[service]]\fR \- service monitoring configuration (multiple allowed)
+.IP \(bu 2
+\fB[metrics]\fR \- Prometheus metrics configuration (optional)
+.RE
+.
+.SS "Firewall Section"
+.PP
+\fB[firewall]\fR
+.PP
+Defines firewall parameters. The \fBbanforge init\fR command automatically
+detects your installed firewall (nftables, iptables, ufw, firewalld).
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBname\fR \- Firewall type (nftables, iptables, ufw, firewalld)
+.IP \(bu 2
+\fBconfig\fR \- Path to firewall configuration file
+.RE
+.PP
+\fBExample:\fR
+.RS
+.nf
+[firewall]
+  name = "nftables"
+  config = "/etc/nftables.conf"
+.fi
+.RE
+.
+.SS "Service Section"
+.PP
+\fB[[service]]\fR
+.PP
+Configures service monitoring. Multiple service blocks are allowed.
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBname\fR \- Service name (nginx, apache, ssh, etc.) \fI(required)\fR
+.IP \(bu 2
+\fBlogging\fR \- Log source type: "file" or "journald" \fI(required)\fR
+.IP \(bu 2
+\fBlog_path\fR \- Path to log file or journal unit name \fI(required)\fR
+.IP \(bu 2
+\fBenabled\fR \- Enable/disable service monitoring (true/false)
+.RE
+.PP
+\fBExamples:\fR
+.RS
+.nf
+# File-based logging
+[[service]]
+  name = "nginx"
+  logging = "file"
+  log_path = "/var/log/nginx/access.log"
+  enabled = true
+
+# Journald logging
+[[service]]
+  name = "nginx"
+  logging = "journald"
+  log_path = "nginx"
+  enabled = false
+.fi
+.RE
+.PP
+\fBNote:\fR When using journald logging, specify the service name in \fBlog_path\fR.
+.
+.SS "Metrics Section"
+.PP
+\fB[metrics]\fR
+.PP
+Configures Prometheus metrics endpoint (optional).
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBenabled\fR \- Enable/disable metrics (true/false)
+.IP \(bu 2
+\fBport\fR \- Port for metrics endpoint
+.RE
+.PP
+\fBExample:\fR
+.RS
+.nf
+[metrics]
+  enabled = true
+  port = 9090
+.fi
+.RE
+.
+.SH "RULES.TOML FORMAT"
+.PP
+Detection rules define conditions for blocking IP addresses.
+Rules are stored in \fI/etc/banforge/rules.d/\fR as individual \fI.toml\fR files.
+.
+.SS "Rule Section"
+.PP
+\fB[[rule]]\fR
+.PP
+Defines a single detection rule.
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBname\fR \- Rule name (used as filename) \fI(required)\fR
+.IP \(bu 2
+\fBservice\fR \- Service name (nginx, apache, ssh, etc.) \fI(required)\fR
+.IP \(bu 2
+\fBpath\fR \- Request path to match (e.g., "/admin/*", "*.php")
+.IP \(bu 2
+\fBstatus\fR \- HTTP status code (403, 404, 304, etc.)
+.IP \(bu 2
+\fBmethod\fR \- HTTP method (GET, POST, etc.)
+.IP \(bu 2
+\fBmax_retry\fR \- Max retries before ban (0 = ban on first request)
+.IP \(bu 2
+\fBban_time\fR \- Ban duration (e.g., "1m", "1h", "1d", "1M", "1y")
+.RE
+.PP
+\fBNote:\fR At least one of \fBpath\fR, \fBstatus\fR, or \fBmethod\fR must be specified.
+.PP
+\fBExamples:\fR
+.RS
+.nf
+# Ban on HTTP 304 status
+[[rule]]
+  name = "304 http"
+  service = "nginx"
+  path = ""
+  status = "304"
+  max_retry = 3
+  method = ""
+  ban_time = "1m"
+
+# Ban on path pattern (admin panel)
+[[rule]]
+  name = "Admin Access"
+  service = "nginx"
+  path = "/admin/*"
+  status = ""
+  method = ""
+  max_retry = 2
+  ban_time = "2h"
+
+# SSH brute force protection
+[[rule]]
+  name = "SSH Bruteforce"
+  service = "ssh"
+  path = ""
+  status = "Failed"
+  method = ""
+  max_retry = 5
+  ban_time = "1h"
+.fi
+.RE
+.
+.SH "BAN TIME FORMAT"
+.PP
+Use the following suffixes for ban duration:
+.RS
+.IP \(bu 2
+\fBs\fR \- Seconds
+.IP \(bu 2
+\fBm\fR \- Minutes
+.IP \(bu 2
+\fBh\fR \- Hours
+.IP \(bu 2
+\fBd\fR \- Days
+.IP \(bu 2
+\fBM\fR \- Months (30 days)
+.IP \(bu 2
+\fBy\fR \- Years (365 days)
+.RE
+.
+.SH "ACTIONS"
+.PP
+Rules can trigger custom actions when an IP is banned.
+Multiple actions can be configured per rule.
+Actions are executed after successful ban at firewall level.
+.
+.SS "Supported Action Types"
+.PP
+.RS
+.IP \(bu 2
+\fBemail\fR \- Send email notification via SMTP
+.IP \(bu 2
+\fBwebhook\fR \- Send HTTP request to external service
+.IP \(bu 2
+\fBscript\fR \- Execute custom script
+.RE
+.
+.SS "Variables"
+.PP
+The following variables can be used in \fBbody\fR fields:
+.RS
+.IP \(bu 2
+\fB{ip}\fR \- Banned IP address
+.IP \(bu 2
+\fB{rule}\fR \- Rule name that triggered the ban
+.IP \(bu 2
+\fB{service}\fR \- Service name
+.IP \(bu 2
+\fB{ban_time}\fR \- Ban duration
+.RE
+.
+.SS "Script Action"
+.PP
+Execute a custom script when an IP is banned.
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBtype\fR \- "script"
+.IP \(bu 2
+\fBenabled\fR \- Enable/disable action (true/false)
+.IP \(bu 2
+\fBinterpretator\fR \- Script interpretator (e.g., "bash", "python")
+.IP \(bu 2
+\fBscript\fR \- Path to script file
+.RE
+.PP
+\fBExample:\fR
+.RS
+.nf
+[[rule]]
+  name = "Notify on Ban"
+  service = "nginx"
+  status = "403"
+  ban_time = "1h"
+
+  [[rule.action]]
+    type = "script"
+    enabled = true
+    interpretator = "bash"
+    script = "/opt/banforge/scripts/notify.sh"
+.fi
+.RE
+.
+.SS "Webhook Action"
+.PP
+Send HTTP webhook when an IP is banned.
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBtype\fR \- "webhook"
+.IP \(bu 2
+\fBenabled\fR \- Enable/disable action (true/false)
+.IP \(bu 2
+\fBurl\fR \- Webhook URL \fI(required)\fR
+.IP \(bu 2
+\fBmethod\fR \- HTTP method (POST, GET, etc.)
+.IP \(bu 2
+\fBheaders\fR \- Custom headers (key-value pairs)
+.IP \(bu 2
+\fBbody\fR \- Request body (supports variables)
+.RE
+.PP
+\fBExample:\fR
+.RS
+.nf
+[[rule.action]]
+  type = "webhook"
+  enabled = true
+  url = "https://hooks.example.com/ban"
+  method = "POST"
+  headers = { "Content-Type" = "application/json", "Authorization" = "Bearer TOKEN" }
+  body = "{\\\"ip\\\": \\\"{ip}\\\", \\\"rule\\\": \\\"{rule}\\\"}"
+.fi
+.RE
+.
+.SS "Email Action"
+.PP
+Send email notification when an IP is banned.
+.PP
+\fBFields:\fR
+.RS
+.IP \(bu 2
+\fBtype\fR \- "email"
+.IP \(bu 2
+\fBenabled\fR \- Enable/disable action (true/false)
+.IP \(bu 2
+\fBemail\fR \- Recipient email address \fI(required)\fR
+.IP \(bu 2
+\fBemail_sender\fR \- Sender email address \fI(required)\fR
+.IP \(bu 2
+\fBemail_subject\fR \- Email subject (default: "BanForge Alert")
+.IP \(bu 2
+\fBsmtp_host\fR \- SMTP server host \fI(required)\fR
+.IP \(bu 2
+\fBsmtp_port\fR \- SMTP server port \fI(required)\fR
+.IP \(bu 2
+\fBsmtp_user\fR \- SMTP username \fI(required)\fR
+.IP \(bu 2
+\fBsmtp_password\fR \- SMTP password \fI(required)\fR
+.IP \(bu 2
+\fBsmtp_tls\fR \- Enable TLS (true/false)
+.IP \(bu 2
+\fBbody\fR \- Email body text (supports variables)
+.RE
+.PP
+\fBExample:\fR
+.RS
+.nf
+[[rule.action]]
+  type = "email"
+  enabled = true
+  email = "admin@example.com"
+  email_sender = "banforge@example.com"
+  email_subject = "IP Banned"
+  smtp_host = "smtp.example.com"
+  smtp_port = 587
+  smtp_user = "banforge"
+  smtp_password = "secret"
+  smtp_tls = true
+  body = "IP {ip} has been banned for rule {rule}"
+.fi
+.RE
+.
+.SH "COMPLETE RULE EXAMPLE WITH ACTIONS"
+.PP
+.RS
+.nf
+[[rule]]
+  name = "nginx-403"
+  service = "nginx"
+  status = "403"
+  max_retry = 3
+  ban_time = "1h"
+
+  # Email notification
+  [[rule.action]]
+    type = "email"
+    enabled = true
+    email = "admin@example.com"
+    email_sender = "banforge@example.com"
+    smtp_host = "smtp.example.com"
+    smtp_port = 587
+    smtp_user = "banforge"
+    smtp_password = "secret"
+    smtp_tls = true
+    body = "IP {ip} banned by rule {rule}"
+
+  # Slack webhook
+  [[rule.action]]
+    type = "webhook"
+    enabled = true
+    url = "https://hooks.slack.com/services/XXX/YYY/ZZZ"
+    method = "POST"
+    headers = { "Content-Type" = "application/json" }
+    body = "{\\\"text\\\": \\\"IP {ip} banned for rule {rule}\\\"}"
+
+  # Custom script
+  [[rule.action]]
+    type = "script"
+    enabled = true
+    script = "/usr/local/bin/ban-notify.sh"
+    interpretator = "bash"
+.fi
+.RE
+.
+.SH FILES
+.PP
+.RS
+.IP \(bu 2
+\fI/etc/banforge/config.toml\fR \- main configuration
+.IP \(bu 2
+\fI/etc/banforge/rules.d/\fR \- rule files directory
+.RE
+.
+.SH "SEE ALSO"
+.BR banforge (1),
+.BR iptables (8),
+.BR nftables (8),
+.BR systemd (1)
+.
+.SH AUTHOR
+.PP
+Ilya "d3m0k1d" Chernishev contact@d3m0k1d.ru
--- a/go.mod
+++ b/go.mod
@@ -5,15 +5,25 @@ go 1.25.5
 require (
 	github.com/BurntSushi/toml v1.6.0
 	github.com/jedib0t/go-pretty/v6 v6.7.8
-	github.com/mattn/go-sqlite3 v1.14.33
 	github.com/spf13/cobra v1.10.2
+	gopkg.in/natefinch/lumberjack.v2 v2.2.1
+	modernc.org/sqlite v1.46.1
 )

 require (
+	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/mattn/go-runewidth v0.0.16 // indirect
-	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.20 // indirect
+	github.com/ncruces/go-strftime v1.0.0 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	modernc.org/libc v1.68.0 // indirect
+	modernc.org/mathutil v1.7.1 // indirect
+	modernc.org/memory v1.11.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,21 +1,32 @@
 github.com/BurntSushi/toml v1.6.0 h1:dRaEfpa2VI55EwlIW72hMRHdWouJeRF7TPYhI+AUQjk=
 github.com/BurntSushi/toml v1.6.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
+github.com/clipperhouse/uax29/v2 v2.7.0 h1:+gs4oBZ2gPfVrKPthwbMzWZDaAFPGYK72F0NJv2v7Vk=
+github.com/clipperhouse/uax29/v2 v2.7.0/go.mod h1:EFJ2TJMRUaplDxHKj1qAEhCtQPW2tJSwu5BF98AuoVM=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc8sr5o=
 github.com/jedib0t/go-pretty/v6 v6.7.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU=
-github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
-github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
-github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.20 h1:WcT52H91ZUAwy8+HUkdM3THM6gXqXuLJi9O3rjcQQaQ=
+github.com/mattn/go-runewidth v0.0.20/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
+github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
+github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
-github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
+github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
 github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
@@ -25,10 +36,49 @@ github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3A
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
+golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
+modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.30.2 h1:4yPaaq9dXYXZ2V8s1UgrC3KIj580l2N4ClrLwnbv2so=
+modernc.org/ccgo/v4 v4.30.2/go.mod h1:yZMnhWEdW0qw3EtCndG1+ldRrVGS+bIwyWmAWzS0XEw=
+modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
+modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
+modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
+modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
+modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
+modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
+modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
+modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
+modernc.org/libc v1.68.0 h1:PJ5ikFOV5pwpW+VqCK1hKJuEWsonkIJhhIXyuF/91pQ=
+modernc.org/libc v1.68.0/go.mod h1:NnKCYeoYgsEqnY3PgvNgAeaJnso968ygU8Z0DxjoEc0=
+modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
+modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
+modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
+modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
+modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
+modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
+modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
+modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
+modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
+modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
+modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
+modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
+modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
+modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
--- a/internal/actions/email.go
+++ b/internal/actions/email.go
@@ -0,0 +1,129 @@
+package actions
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/smtp"
+	"strings"
+
+	"github.com/d3m0k1d/BanForge/internal/config"
+)
+
+func SendEmail(action config.Action) error {
+	if !action.Enabled {
+		return nil
+	}
+
+	if action.SMTPHost == "" {
+		return fmt.Errorf("SMTP host is empty")
+	}
+
+	if action.Email == "" {
+		return fmt.Errorf("recipient email is empty")
+	}
+
+	if action.EmailSender == "" {
+		return fmt.Errorf("sender email is empty")
+	}
+
+	addr := fmt.Sprintf("%s:%d", action.SMTPHost, action.SMTPPort)
+
+	subject := action.EmailSubject
+	if subject == "" {
+		subject = "BanForge Alert"
+	}
+
+	var body strings.Builder
+	body.WriteString("From: " + action.EmailSender + "\r\n")
+	body.WriteString("To: " + action.Email + "\r\n")
+	body.WriteString("Subject: " + subject + "\r\n")
+	body.WriteString("MIME-Version: 1.0\r\n")
+	body.WriteString("Content-Type: text/plain; charset=UTF-8\r\n")
+	body.WriteString("\r\n")
+	body.WriteString(action.Body)
+
+	auth := smtp.PlainAuth("", action.SMTPUser, action.SMTPPassword, action.SMTPHost)
+
+	if action.SMTPTLS {
+		return sendEmailWithTLS(
+			addr,
+			auth,
+			action.EmailSender,
+			[]string{action.Email},
+			body.String(),
+		)
+	}
+
+	return smtp.SendMail(
+		addr,
+		auth,
+		action.EmailSender,
+		[]string{action.Email},
+		[]byte(body.String()),
+	)
+}
+
+func sendEmailWithTLS(addr string, auth smtp.Auth, from string, to []string, msg string) error {
+	host, _, err := net.SplitHostPort(addr)
+	if err != nil {
+		return fmt.Errorf("split host port: %w", err)
+	}
+
+	tlsConfig := &tls.Config{
+		ServerName: host,
+		MinVersion: tls.VersionTLS12,
+	}
+
+	conn, err := tls.Dial("tcp", addr, tlsConfig)
+	if err != nil {
+		return fmt.Errorf("dial TLS: %w", err)
+	}
+	defer func() {
+		_ = conn.Close()
+	}()
+
+	c, err := smtp.NewClient(conn, host)
+	if err != nil {
+		return fmt.Errorf("create SMTP client: %w", err)
+	}
+	defer func() {
+		_ = c.Close()
+	}()
+
+	if auth != nil {
+		if ok, _ := c.Extension("AUTH"); !ok {
+			return fmt.Errorf("SMTP server does not support AUTH")
+		}
+		if err = c.Auth(auth); err != nil {
+			return fmt.Errorf("authenticate: %w", err)
+		}
+	}
+
+	if err = c.Mail(from); err != nil {
+		return fmt.Errorf("mail from: %w", err)
+	}
+
+	for _, addr := range to {
+		if err = c.Rcpt(addr); err != nil {
+			return fmt.Errorf("rcpt to: %w", err)
+		}
+	}
+
+	w, err := c.Data()
+	if err != nil {
+		return fmt.Errorf("data: %w", err)
+	}
+
+	_, err = w.Write([]byte(msg))
+	if err != nil {
+		return fmt.Errorf("write message: %w", err)
+	}
+
+	err = w.Close()
+	if err != nil {
+		return fmt.Errorf("close data: %w", err)
+	}
+
+	return c.Quit()
+}
--- a/internal/actions/email_test.go
+++ b/internal/actions/email_test.go
@@ -0,0 +1,338 @@
+package actions
+
+import (
+	"bufio"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/d3m0k1d/BanForge/internal/config"
+)
+
+type simpleSMTPServer struct {
+	listener net.Listener
+	messages []string
+	done     chan struct{}
+}
+
+func newSimpleSMTPServer(t *testing.T, useTLS bool) *simpleSMTPServer {
+	t.Helper()
+
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatalf("Failed to create listener: %v", err)
+	}
+
+	s := &simpleSMTPServer{
+		listener: l,
+		messages: make([]string, 0),
+		done:     make(chan struct{}),
+	}
+
+	go s.serve(t, useTLS)
+
+	time.Sleep(50 * time.Millisecond)
+
+	return s
+}
+
+func (s *simpleSMTPServer) serve(t *testing.T, useTLS bool) {
+	defer close(s.done)
+
+	for {
+		conn, err := s.listener.Accept()
+		if err != nil {
+			return
+		}
+
+		go func(c net.Conn) {
+			defer c.Close()
+
+			_, _ = c.Write([]byte("220 localhost ESMTP Test Server\r\n"))
+
+			reader := bufio.NewReader(c)
+
+			for {
+				line, err := reader.ReadString('\n')
+				if err != nil {
+					return
+				}
+
+				line = strings.TrimSpace(line)
+				parts := strings.SplitN(line, " ", 2)
+				cmd := strings.ToUpper(parts[0])
+
+				switch cmd {
+				case "EHLO", "HELO":
+					if useTLS {
+						_, _ = c.Write([]byte("250-localhost\r\n250 STARTTLS\r\n"))
+					} else {
+						_, _ = c.Write([]byte("250-localhost\r\n250 AUTH PLAIN\r\n"))
+					}
+
+				case "STARTTLS":
+					if !useTLS {
+						_, _ = c.Write([]byte("454 TLS not available\r\n"))
+						return
+					}
+					_, _ = c.Write([]byte("220 Ready to start TLS\r\n"))
+
+					tlsConfig := &tls.Config{
+						InsecureSkipVerify: true,
+						MinVersion:         tls.VersionTLS12,
+					}
+					tlsConn := tls.Server(c, tlsConfig)
+					if err := tlsConn.Handshake(); err != nil {
+						return
+					}
+					reader = bufio.NewReader(tlsConn)
+					c = tlsConn
+
+				case "AUTH":
+					_, _ = c.Write([]byte("235 Authentication successful\r\n"))
+
+				case "MAIL":
+					_, _ = c.Write([]byte("250 OK\r\n"))
+
+				case "RCPT":
+					_, _ = c.Write([]byte("250 OK\r\n"))
+
+				case "DATA":
+					_, _ = c.Write([]byte("354 End data with <CR><LF>.<CR><LF>\r\n"))
+
+					var msgBuilder strings.Builder
+					for {
+						msgLine, err := reader.ReadString('\n')
+						if err != nil {
+							return
+						}
+						if strings.TrimSpace(msgLine) == "." {
+							break
+						}
+						msgBuilder.WriteString(msgLine)
+					}
+					s.messages = append(s.messages, msgBuilder.String())
+					_, _ = c.Write([]byte("250 OK\r\n"))
+
+				case "QUIT":
+					_, _ = c.Write([]byte("221 Bye\r\n"))
+					return
+
+				default:
+					_, _ = c.Write([]byte("502 Command not implemented\r\n"))
+				}
+			}
+		}(conn)
+	}
+}
+
+func (s *simpleSMTPServer) Addr() string {
+	return s.listener.Addr().String()
+}
+
+func (s *simpleSMTPServer) Close() {
+	_ = s.listener.Close()
+	<-s.done
+}
+
+func (s *simpleSMTPServer) MessageCount() int {
+	return len(s.messages)
+}
+
+func TestSendEmail_Validation(t *testing.T) {
+	tests := []struct {
+		name    string
+		action  config.Action
+		wantErr bool
+		errMsg  string
+	}{
+		{
+			name: "disabled action",
+			action: config.Action{
+				Type:        "email",
+				Enabled:     false,
+				Email:       "test@example.com",
+				EmailSender: "sender@example.com",
+				SMTPHost:    "smtp.example.com",
+			},
+			wantErr: false,
+		},
+		{
+			name: "empty SMTP host",
+			action: config.Action{
+				Type:        "email",
+				Enabled:     true,
+				Email:       "test@example.com",
+				EmailSender: "sender@example.com",
+				SMTPHost:    "",
+			},
+			wantErr: true,
+			errMsg:  "SMTP host is empty",
+		},
+		{
+			name: "empty recipient email",
+			action: config.Action{
+				Type:        "email",
+				Enabled:     true,
+				Email:       "",
+				EmailSender: "sender@example.com",
+				SMTPHost:    "smtp.example.com",
+			},
+			wantErr: true,
+			errMsg:  "recipient email is empty",
+		},
+		{
+			name: "empty sender email",
+			action: config.Action{
+				Type:        "email",
+				Enabled:     true,
+				Email:       "test@example.com",
+				EmailSender: "",
+				SMTPHost:    "smtp.example.com",
+			},
+			wantErr: true,
+			errMsg:  "sender email is empty",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := SendEmail(tt.action)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("SendEmail() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if tt.wantErr && err != nil && tt.errMsg != "" {
+				if err.Error() != tt.errMsg {
+					t.Errorf("SendEmail() error message = %v, want %v", err.Error(), tt.errMsg)
+				}
+			}
+		})
+	}
+}
+
+func TestSendEmail_WithoutTLS(t *testing.T) {
+	server := newSimpleSMTPServer(t, false)
+	defer server.Close()
+
+	host, portStr, _ := net.SplitHostPort(server.Addr())
+	var port int
+	fmt.Sscanf(portStr, "%d", &port)
+
+	action := config.Action{
+		Type:         "email",
+		Enabled:      true,
+		Email:        "recipient@example.com",
+		EmailSender:  "sender@example.com",
+		EmailSubject: "Test Subject",
+		SMTPHost:     host,
+		SMTPPort:     port,
+		SMTPUser:     "user",
+		SMTPPassword: "pass",
+		SMTPTLS:      false,
+		Body:         "Test message body",
+	}
+
+	err := SendEmail(action)
+	if err != nil {
+		t.Fatalf("SendEmail() unexpected error: %v", err)
+	}
+
+	if server.MessageCount() != 1 {
+		t.Errorf("Expected 1 message, got %d", server.MessageCount())
+	}
+}
+
+func TestSendEmail_WithTLS(t *testing.T) {
+	t.Skip("TLS test requires proper TLS handshake handling")
+	server := newSimpleSMTPServer(t, true)
+	defer server.Close()
+
+	host, portStr, _ := net.SplitHostPort(server.Addr())
+	var port int
+	fmt.Sscanf(portStr, "%d", &port)
+
+	action := config.Action{
+		Type:         "email",
+		Enabled:      true,
+		Email:        "recipient@example.com",
+		EmailSender:  "sender@example.com",
+		EmailSubject: "Test Subject TLS",
+		SMTPHost:     host,
+		SMTPPort:     port,
+		SMTPUser:     "user",
+		SMTPPassword: "pass",
+		SMTPTLS:      true,
+		Body:         "Test TLS message body",
+	}
+
+	err := SendEmail(action)
+	if err != nil {
+		t.Fatalf("SendEmail() unexpected error: %v", err)
+	}
+
+	if server.MessageCount() != 1 {
+		t.Errorf("Expected 1 message, got %d", server.MessageCount())
+	}
+}
+
+func TestSendEmail_DefaultSubject(t *testing.T) {
+	server := newSimpleSMTPServer(t, false)
+	defer server.Close()
+
+	host, portStr, _ := net.SplitHostPort(server.Addr())
+	var port int
+	fmt.Sscanf(portStr, "%d", &port)
+
+	action := config.Action{
+		Type:        "email",
+		Enabled:     true,
+		Email:       "test@example.com",
+		EmailSender: "sender@example.com",
+		SMTPHost:    host,
+		SMTPPort:    port,
+		Body:        "Test body",
+	}
+
+	err := SendEmail(action)
+	if err != nil {
+		t.Fatalf("SendEmail() unexpected error: %v", err)
+	}
+
+	if server.MessageCount() != 1 {
+		t.Errorf("Expected 1 message, got %d", server.MessageCount())
+	}
+}
+
+func TestSendEmail_Integration(t *testing.T) {
+	server := newSimpleSMTPServer(t, false)
+	defer server.Close()
+
+	host, portStr, _ := net.SplitHostPort(server.Addr())
+	var port int
+	fmt.Sscanf(portStr, "%d", &port)
+
+	action := config.Action{
+		Type:         "email",
+		Enabled:      true,
+		Email:        "to@example.com",
+		EmailSender:  "from@example.com",
+		EmailSubject: "Integration Test",
+		SMTPHost:     host,
+		SMTPPort:     port,
+		SMTPUser:     "testuser",
+		SMTPPassword: "testpass",
+		SMTPTLS:      false,
+		Body:         "Integration test message",
+	}
+
+	err := SendEmail(action)
+	if err != nil {
+		t.Fatalf("SendEmail() failed: %v", err)
+	}
+
+	t.Logf("Email sent successfully, server received %d message(s)", server.MessageCount())
+}
--- a/internal/actions/interface.go
+++ b/internal/actions/interface.go
@@ -0,0 +1,19 @@
+package actions
+
+import "github.com/d3m0k1d/BanForge/internal/config"
+
+type Executor struct {
+	Action config.Action
+}
+
+func (e *Executor) Execute() error {
+	switch e.Action.Type {
+	case "email":
+		return SendEmail(e.Action)
+	case "webhook":
+		return SendWebhook(e.Action)
+	case "script":
+		return RunScript(e.Action)
+	}
+	return nil
+}
--- a/internal/actions/scripts.go
+++ b/internal/actions/scripts.go
@@ -0,0 +1,32 @@
+package actions
+
+import (
+	"fmt"
+	"os/exec"
+
+	"github.com/d3m0k1d/BanForge/internal/config"
+)
+
+func RunScript(action config.Action) error {
+	if !action.Enabled {
+		return nil
+	}
+	if action.Script == "" {
+		return fmt.Errorf("script on config is empty")
+	}
+	if action.Interpretator == "" {
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command(action.Script)
+		err := cmd.Run()
+		if err != nil {
+			return fmt.Errorf("run script: %w", err)
+		}
+	}
+	// #nosec G204 - managed by system adminstartor
+	cmd := exec.Command(action.Interpretator, action.Script)
+	err := cmd.Run()
+	if err != nil {
+		return fmt.Errorf("run script: %w", err)
+	}
+	return nil
+}
--- a/internal/actions/webhooks.go
+++ b/internal/actions/webhooks.go
@@ -0,0 +1,66 @@
+package actions
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/d3m0k1d/BanForge/internal/config"
+)
+
+var defaultClient = &http.Client{
+	Timeout: 10 * time.Second,
+	Transport: &http.Transport{
+		MaxIdleConns:        100,
+		MaxIdleConnsPerHost: 10,
+		IdleConnTimeout:     90 * time.Second,
+	},
+}
+
+func SendWebhook(action config.Action) error {
+	if !action.Enabled {
+		return nil
+	}
+	if action.URL == "" {
+		return fmt.Errorf("URL on config is empty")
+	}
+
+	method := action.Method
+	if method == "" {
+		method = "POST"
+	}
+
+	var bodyReader io.Reader
+	if action.Body != "" {
+		bodyReader = strings.NewReader(action.Body)
+		if action.Headers["Content-Type"] == "" && action.Headers["content-type"] == "" {
+			action.Headers["Content-Type"] = "application/json"
+		}
+	}
+
+	req, err := http.NewRequest(method, action.URL, bodyReader)
+	if err != nil {
+		return fmt.Errorf("create request: %w", err)
+	}
+
+	for key, value := range action.Headers {
+		req.Header.Add(key, value)
+	}
+
+	// #nosec G704 - HTTP request validation by system administrators
+	resp, err := defaultClient.Do(req)
+	if err != nil {
+		return fmt.Errorf("execute request: %w", err)
+	}
+	defer func() {
+		_ = resp.Body.Close()
+	}()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return fmt.Errorf("webhook returned status %d", resp.StatusCode)
+	}
+
+	return nil
+}
--- a/internal/blocker/firewalld.go
+++ b/internal/blocker/firewalld.go
@@ -1,9 +1,12 @@
 package blocker

 import (
+	"fmt"
 	"os/exec"
+	"strconv"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

 type Firewalld struct {
@@ -21,19 +24,24 @@ func (f *Firewalld) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-	cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
+	metrics.IncBanAttempt("firewalld")
+	// #nosec G204 - ip is validated
+	cmd := exec.Command("firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error(err.Error())
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("Add source " + ip + " " + string(output))
-	output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
+	output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
 	if err != nil {
 		f.logger.Error(err.Error())
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("Reload " + string(output))
+	metrics.IncBan("firewalld")
 	return nil
 }

@@ -42,19 +50,87 @@ func (f *Firewalld) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
-	cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
+	metrics.IncUnbanAttempt("firewalld")
+	// #nosec G204 - ip is validated
+	cmd := exec.Command("firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error(err.Error())
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("Remove source " + ip + " " + string(output))
-	output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
+	output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
 	if err != nil {
 		f.logger.Error(err.Error())
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("Reload " + string(output))
+	metrics.IncUnban("firewalld")
+	return nil
+}
+
+func (f *Firewalld) PortOpen(port int, protocol string) error {
+	// #nosec G204 - handle is extracted from Firewalld output and validated
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("open", protocol)
+		cmd := exec.Command(
+			"firewall-cmd",
+			"--zone=public",
+			"--add-port="+s+"/"+protocol,
+			"--permanent",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Reload " + string(output))
+	}
+	return nil
+}
+
+func (f *Firewalld) PortClose(port int, protocol string) error {
+	// #nosec G204 - handle is extracted from nftables output and validated
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("close", protocol)
+		cmd := exec.Command(
+			"firewall-cmd",
+			"--zone=public",
+			"--remove-port="+s+"/"+protocol,
+			"--permanent",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Remove port " + s + " " + string(output))
+		output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
+		if err != nil {
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Reload " + string(output))
+	}
 	return nil
 }

--- a/internal/blocker/interface.go
+++ b/internal/blocker/interface.go
@@ -10,6 +10,8 @@ type BlockerEngine interface {
 	Ban(ip string) error
 	Unban(ip string) error
 	Setup(config string) error
+	PortOpen(port int, protocol string) error
+	PortClose(port int, protocol string) error
 }

 func GetBlocker(fw string, config string) BlockerEngine {
--- a/internal/blocker/iptables.go
+++ b/internal/blocker/iptables.go
@@ -2,8 +2,10 @@ package blocker

 import (
 	"os/exec"
+	"strconv"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

 type Iptables struct {
@@ -23,35 +25,40 @@ func (f *Iptables) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
+	metrics.IncBanAttempt("iptables")
 	err = validateConfigPath(f.config)
 	if err != nil {
 		return err
 	}
-	cmd := exec.Command("sudo", "iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
+	// #nosec G204 - f.config is validated above via validateConfigPath()
+	cmd := exec.Command("iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error("failed to ban IP",
 			"ip", ip,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("IP banned",
 		"ip", ip,
 		"output", string(output))
+	metrics.IncBan("iptables")

 	err = validateConfigPath(f.config)
 	if err != nil {
 		return err
 	}
 	// #nosec G204 - f.config is validated above via validateConfigPath()
-	cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
+	cmd = exec.Command("iptables-save", "-f", f.config)
 	output, err = cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error("failed to save config",
 			"config_path", f.config,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("config saved",
@@ -65,35 +72,40 @@ func (f *Iptables) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
+	metrics.IncUnbanAttempt("iptables")
 	err = validateConfigPath(f.config)
 	if err != nil {
 		return err
 	}
-	cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
+	// #nosec G204 - f.config is validated above via validateConfigPath()
+	cmd := exec.Command("iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error("failed to unban IP",
 			"ip", ip,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("IP unbanned",
 		"ip", ip,
 		"output", string(output))
+	metrics.IncUnban("iptables")

 	err = validateConfigPath(f.config)
 	if err != nil {
 		return err
 	}
 	// #nosec G204 - f.config is validated above via validateConfigPath()
-	cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
+	cmd = exec.Command("iptables-save", "-f", f.config)
 	output, err = cmd.CombinedOutput()
 	if err != nil {
 		f.logger.Error("failed to save config",
 			"config_path", f.config,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}
 	f.logger.Info("config saved",
@@ -102,6 +114,70 @@ func (f *Iptables) Unban(ip string) error {
 	return nil
 }

+func (f *Iptables) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return nil
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("open", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("iptables", "-A", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		// #nosec G204 - f.config is validated above via validateConfigPath()
+		cmd = exec.Command("iptables-save", "-f", f.config)
+		output, err = cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error("failed to save config",
+				"config_path", f.config,
+				"error", err.Error(),
+				"output", string(output))
+			metrics.IncError()
+			return err
+		}
+	}
+	return nil
+}
+
+func (f *Iptables) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			f.logger.Error("invalid protocol")
+			return nil
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("close", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("iptables", "-D", "INPUT", "-p", protocol, "--dport", s, "-j", "ACCEPT")
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		f.logger.Info("Add port " + s + " " + string(output))
+		// #nosec G204 - f.config is validated above via validateConfigPath()
+		cmd = exec.Command("iptables-save", "-f", f.config)
+		output, err = cmd.CombinedOutput()
+		if err != nil {
+			f.logger.Error("failed to save config",
+				"config_path", f.config,
+				"error", err.Error(),
+				"output", string(output))
+			metrics.IncError()
+			return err
+		}
+	}
+	return nil
+}
+
 func (f *Iptables) Setup(config string) error {
 	return nil
 }
--- a/internal/blocker/nftables.go
+++ b/internal/blocker/nftables.go
@@ -3,9 +3,11 @@ package blocker
 import (
 	"fmt"
 	"os/exec"
+	"strconv"
 	"strings"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

 type Nftables struct {
@@ -25,8 +27,9 @@ func (n *Nftables) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-
-	cmd := exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "banned",
+	metrics.IncBanAttempt("nftables")
+	// #nosec G204 - ip is validated
+	cmd := exec.Command("nft", "add", "rule", "inet", "banforge", "banned",
 		"ip", "saddr", ip, "drop")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -34,16 +37,19 @@ func (n *Nftables) Ban(ip string) error {
 			"ip", ip,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}

 	n.logger.Info("IP banned", "ip", ip)
+	metrics.IncBan("nftables")

 	err = saveNftablesConfig(n.config)
 	if err != nil {
 		n.logger.Error("failed to save config",
 			"config_path", n.config,
 			"error", err.Error())
+		metrics.IncError()
 		return err
 	}

@@ -56,21 +62,24 @@ func (n *Nftables) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
+	metrics.IncUnbanAttempt("nftables")

 	handle, err := n.findRuleHandle(ip)
 	if err != nil {
 		n.logger.Error("failed to find rule handle",
 			"ip", ip,
 			"error", err.Error())
+		metrics.IncError()
 		return err
 	}

 	if handle == "" {
 		n.logger.Warn("no rule found for IP", "ip", ip)
+		metrics.IncError()
 		return fmt.Errorf("no rule found for IP %s", ip)
 	}
 	// #nosec G204 - handle is extracted from nftables output and validated
-	cmd := exec.Command("sudo", "nft", "delete", "rule", "inet", "banforge", "banned",
+	cmd := exec.Command("nft", "delete", "rule", "inet", "banforge", "banned",
 		"handle", handle)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -79,16 +88,19 @@ func (n *Nftables) Unban(ip string) error {
 			"handle", handle,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return err
 	}

 	n.logger.Info("IP unbanned", "ip", ip, "handle", handle)
+	metrics.IncUnban("nftables")

 	err = saveNftablesConfig(n.config)
 	if err != nil {
 		n.logger.Error("failed to save config",
 			"config_path", n.config,
 			"error", err.Error())
+		metrics.IncError()
 		return err
 	}

@@ -104,16 +116,16 @@ func (n *Nftables) Setup(config string) error {

 	nftConfig := `table inet banforge {
 	chain input {
-		type filter hook input priority 0
-		policy accept
+		type filter hook input priority filter; policy accept;
+		jump banned
 	}

 	chain banned {
 	}
 }
 `
-
-	cmd := exec.Command("sudo", "tee", config)
+	// #nosec G204 - config is managed by adminstartor
+	cmd := exec.Command("tee", config)
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
 		return fmt.Errorf("failed to create stdin pipe: %w", err)
@@ -135,8 +147,8 @@ func (n *Nftables) Setup(config string) error {
 	if err = cmd.Wait(); err != nil {
 		return fmt.Errorf("failed to save config: %w", err)
 	}
-
-	cmd = exec.Command("sudo", "nft", "-f", config)
+	// #nosec G204 - config is managed by adminstartor
+	cmd = exec.Command("nft", "-f", config)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("failed to load nftables config: %s", string(output))
@@ -146,7 +158,7 @@ func (n *Nftables) Setup(config string) error {
 }

 func (n *Nftables) findRuleHandle(ip string) (string, error) {
-	cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned")
+	cmd := exec.Command("nft", "-a", "list", "chain", "inet", "banforge", "banned")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return "", fmt.Errorf("failed to list chain rules: %w", err)
@@ -167,19 +179,102 @@ func (n *Nftables) findRuleHandle(ip string) (string, error) {
 	return "", nil
 }

+func (n *Nftables) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			n.logger.Error("invalid protocol")
+			metrics.IncError()
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("open", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command(
+			"nft",
+			"add",
+			"rule",
+			"inet",
+			"banforge",
+			"input",
+			protocol,
+			"dport",
+			s,
+			"accept",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			n.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		n.logger.Info("Add port " + s + " " + string(output))
+		err = saveNftablesConfig(n.config)
+		if err != nil {
+			n.logger.Error("failed to save config",
+				"config_path", n.config,
+				"error", err.Error())
+			metrics.IncError()
+			return err
+		}
+	}
+	return nil
+}
+
+func (n *Nftables) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			n.logger.Error("invalid protocol")
+			metrics.IncError()
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("close", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command(
+			"nft",
+			"add",
+			"rule",
+			"inet",
+			"banforge",
+			"input",
+			protocol,
+			"dport",
+			s,
+			"drop",
+		)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			n.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		n.logger.Info("Add port " + s + " " + string(output))
+		err = saveNftablesConfig(n.config)
+		if err != nil {
+			n.logger.Error("failed to save config",
+				"config_path", n.config,
+				"error", err.Error())
+			metrics.IncError()
+			return err
+		}
+
+	}
+	return nil
+}
+
 func saveNftablesConfig(configPath string) error {
 	err := validateConfigPath(configPath)
 	if err != nil {
 		return err
 	}

-	cmd := exec.Command("sudo", "nft", "list", "ruleset")
+	cmd := exec.Command("nft", "list", "ruleset")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("failed to get nftables ruleset: %w", err)
 	}
-
-	cmd = exec.Command("sudo", "tee", configPath)
+	// #nosec G204 - managed by system adminstartor
+	cmd = exec.Command("tee", configPath)
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
 		return fmt.Errorf("failed to create stdin pipe: %w", err)
--- a/internal/blocker/ufw.go
+++ b/internal/blocker/ufw.go
@@ -3,8 +3,10 @@ package blocker
 import (
 	"fmt"
 	"os/exec"
+	"strconv"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

 type Ufw struct {
@@ -22,18 +24,21 @@ func (u *Ufw) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-
-	cmd := exec.Command("sudo", "ufw", "--force", "deny", "from", ip)
+	metrics.IncBanAttempt("ufw")
+	// #nosec G204 - ip is validated
+	cmd := exec.Command("ufw", "--force", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		u.logger.Error("failed to ban IP",
 			"ip", ip,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return fmt.Errorf("failed to ban IP %s: %w", ip, err)
 	}

 	u.logger.Info("IP banned", "ip", ip, "output", string(output))
+	metrics.IncBan("ufw")
 	return nil
 }
 func (u *Ufw) Unban(ip string) error {
@@ -41,25 +46,72 @@ func (u *Ufw) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
-
-	cmd := exec.Command("sudo", "ufw", "--force", "delete", "deny", "from", ip)
+	metrics.IncUnbanAttempt("ufw")
+	// #nosec G204 - ip is validated
+	cmd := exec.Command("ufw", "--force", "delete", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		u.logger.Error("failed to unban IP",
 			"ip", ip,
 			"error", err.Error(),
 			"output", string(output))
+		metrics.IncError()
 		return fmt.Errorf("failed to unban IP %s: %w", ip, err)
 	}

 	u.logger.Info("IP unbanned", "ip", ip, "output", string(output))
+	metrics.IncUnban("ufw")
+	return nil
+}
+
+func (u *Ufw) PortOpen(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			u.logger.Error("invalid protocol")
+			metrics.IncError()
+			return fmt.Errorf("invalid protocol")
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("open", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("ufw", "allow", s+"/"+protocol)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			u.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		u.logger.Info("Add port " + s + " " + string(output))
+	}
+	return nil
+}
+
+func (u *Ufw) PortClose(port int, protocol string) error {
+	if port >= 0 && port <= 65535 {
+		if protocol != "tcp" && protocol != "udp" {
+			u.logger.Error("invalid protocol")
+			metrics.IncError()
+			return nil
+		}
+		s := strconv.Itoa(port)
+		metrics.IncPortOperation("close", protocol)
+		// #nosec G204 - managed by system adminstartor
+		cmd := exec.Command("ufw", "deny", s+"/"+protocol)
+		output, err := cmd.CombinedOutput()
+		if err != nil {
+			u.logger.Error(err.Error())
+			metrics.IncError()
+			return err
+		}
+		u.logger.Info("Add port " + s + " " + string(output))
+	}
 	return nil
 }

 func (u *Ufw) Setup(config string) error {
 	if config != "" {
 		fmt.Printf("Ufw dont support config file\n")
-		cmd := exec.Command("sudo", "ufw", "enable")
+		cmd := exec.Command("ufw", "enable")
 		output, err := cmd.CombinedOutput()
 		if err != nil {
 			u.logger.Error("failed to enable ufw",
@@ -69,7 +121,7 @@ func (u *Ufw) Setup(config string) error {
 		}
 	}
 	if config == "" {
-		cmd := exec.Command("sudo", "ufw", "enable")
+		cmd := exec.Command("ufw", "enable")
 		output, err := cmd.CombinedOutput()
 		if err != nil {
 			u.logger.Error("failed to enable ufw",
--- a/internal/config/appconf.go
+++ b/internal/config/appconf.go
@@ -3,147 +3,179 @@ package config
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"

 	"github.com/BurntSushi/toml"
-	"github.com/d3m0k1d/BanForge/internal/logger"
 )

 func LoadRuleConfig() ([]Rule, error) {
-	log := logger.New(false)
+	const rulesDir = "/etc/banforge/rules.d"
+
 	var cfg Rules

-	_, err := toml.DecodeFile("/etc/banforge/rules.toml", &cfg)
+	files, err := os.ReadDir(rulesDir)
 	if err != nil {
-		log.Error(fmt.Sprintf("failed to decode config: %v", err))
-		return nil, err
+		return nil, fmt.Errorf("failed to read rules directory: %w", err)
+	}
+
+	for _, file := range files {
+		if file.IsDir() || !strings.HasSuffix(file.Name(), ".toml") {
+			continue
+		}
+
+		filePath := filepath.Join(rulesDir, file.Name())
+		var fileCfg Rules
+
+		if _, err := toml.DecodeFile(filePath, &fileCfg); err != nil {
+			return nil, fmt.Errorf("failed to parse rule file %s: %w", filePath, err)
+		}
+
+		cfg.Rules = append(cfg.Rules, fileCfg.Rules...)
 	}

-	log.Info(fmt.Sprintf("loaded %d rules", len(cfg.Rules)))
 	return cfg.Rules, nil
 }

 func NewRule(
-	Name string,
-	ServiceName string,
-	Path string,
-	Status string,
-	Method string,
+	name string,
+	serviceName string,
+	path string,
+	status string,
+	method string,
 	ttl string,
+	maxRetry int,
 ) error {
-	r, err := LoadRuleConfig()
-	if err != nil {
-		r = []Rule{}
+	if name == "" {
+		return fmt.Errorf("rule name can't be empty")
 	}
-	if Name == "" {
-		fmt.Printf("Rule name can't be empty\n")
-		return nil
+
+	rule := Rule{
+		Name:        name,
+		ServiceName: serviceName,
+		Path:        path,
+		Status:      status,
+		Method:      method,
+		BanTime:     ttl,
+		MaxRetry:    maxRetry,
 	}
-	r = append(
-		r,
-		Rule{
-			Name:        Name,
-			ServiceName: ServiceName,
-			Path:        Path,
-			Status:      Status,
-			Method:      Method,
-			BanTime:     ttl,
-		},
-	)
-	file, err := os.Create("/etc/banforge/rules.toml")
+
+	filePath := filepath.Join("/etc/banforge/rules.d", SanitizeRuleFilename(name)+".toml")
+
+	if _, err := os.Stat(filePath); err == nil {
+		return fmt.Errorf("rule with name '%s' already exists", name)
+	}
+
+	cfg := Rules{Rules: []Rule{rule}}
+
+	// #nosec G304 - validate by sanitizeRuleFilename
+	file, err := os.Create(filePath)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to create rule file: %w", err)
 	}
 	defer func() {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
+		if closeErr := file.Close(); closeErr != nil {
+			fmt.Printf("warning: failed to close rule file: %v\n", closeErr)
 		}
 	}()
-	cfg := Rules{Rules: r}

-	err = toml.NewEncoder(file).Encode(cfg)
-	if err != nil {
-		return err
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		return fmt.Errorf("failed to encode rule: %w", err)
 	}
+
 	return nil
 }

-func EditRule(Name string, ServiceName string, Path string, Status string, Method string) error {
-	if Name == "" {
-		return fmt.Errorf("Rule name can't be empty")
+func EditRule(name string, serviceName string, path string, status string, method string) error {
+	if name == "" {
+		return fmt.Errorf("rule name can't be empty")
 	}

-	r, err := LoadRuleConfig()
+	rules, err := LoadRuleConfig()
 	if err != nil {
-		return fmt.Errorf("rules is empty, please use 'banforge add rule' or create rules.toml")
+		return fmt.Errorf("failed to load rules: %w", err)
 	}

 	found := false
-	for i, rule := range r {
-		if rule.Name == Name {
+	var updatedRule *Rule
+	for i, rule := range rules {
+		if rule.Name == name {
 			found = true
+			updatedRule = &rules[i]

-			if ServiceName != "" {
-				r[i].ServiceName = ServiceName
+			if serviceName != "" {
+				updatedRule.ServiceName = serviceName
 			}
-			if Path != "" {
-				r[i].Path = Path
+			if path != "" {
+				updatedRule.Path = path
 			}
-			if Status != "" {
-				r[i].Status = Status
+			if status != "" {
+				updatedRule.Status = status
 			}
-			if Method != "" {
-				r[i].Method = Method
+			if method != "" {
+				updatedRule.Method = method
 			}
 			break
 		}
 	}

 	if !found {
-		return fmt.Errorf("rule '%s' not found", Name)
+		return fmt.Errorf("rule '%s' not found", name)
 	}

-	file, err := os.Create("/etc/banforge/rules.toml")
+	filePath := filepath.Join("/etc/banforge/rules.d", SanitizeRuleFilename(name)+".toml")
+	cfg := Rules{Rules: []Rule{*updatedRule}}
+
+	// #nosec G304 - validate by sanitizeRuleFilename
+	file, err := os.Create(filePath)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to update rule file: %w", err)
 	}
 	defer func() {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
+		if closeErr := file.Close(); closeErr != nil {
+			fmt.Printf("warning: failed to close rule file: %v\n", closeErr)
 		}
 	}()

-	cfg := Rules{Rules: r}
 	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
-		return fmt.Errorf("failed to encode config: %w", err)
+		return fmt.Errorf("failed to encode updated rule: %w", err)
 	}

 	return nil
 }

+func SanitizeRuleFilename(name string) string {
+	result := strings.Map(func(r rune) rune {
+		if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') ||
+			(r >= '0' && r <= '9') || r == '-' || r == '_' {
+			return r
+		}
+		return '_'
+	}, name)
+	return strings.ToLower(result)
+}
+
 func ParseDurationWithYears(s string) (time.Duration, error) {
-	if strings.HasSuffix(s, "y") {
-		years, err := strconv.Atoi(strings.TrimSuffix(s, "y"))
+	if ss, ok := strings.CutSuffix(s, "y"); ok {
+		years, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}
 		return time.Duration(years) * 365 * 24 * time.Hour, nil
 	}

-	if strings.HasSuffix(s, "M") {
-		months, err := strconv.Atoi(strings.TrimSuffix(s, "M"))
+	if ss, ok := strings.CutSuffix(s, "M"); ok {
+		months, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}
 		return time.Duration(months) * 30 * 24 * time.Hour, nil
 	}

-	if strings.HasSuffix(s, "d") {
-		days, err := strconv.Atoi(strings.TrimSuffix(s, "d"))
+	if ss, ok := strings.CutSuffix(s, "d"); ok {
+		days, err := strconv.Atoi(ss)
 		if err != nil {
 			return 0, err
 		}
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -0,0 +1,943 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/BurntSushi/toml"
+)
+
+// ============================================
+// Tests for SanitizeRuleFilename
+// ============================================
+
+func TestSanitizeRuleFilename(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "simple alphanumeric",
+			input:    "nginx404",
+			expected: "nginx404",
+		},
+		{
+			name:     "with spaces",
+			input:    "nginx 404 error",
+			expected: "nginx_404_error",
+		},
+		{
+			name:     "with special chars",
+			input:    "nginx/404:error",
+			expected: "nginx_404_error",
+		},
+		{
+			name:     "with dashes and underscores",
+			input:    "nginx-404_error",
+			expected: "nginx-404_error",
+		},
+		{
+			name:     "uppercase to lowercase",
+			input:    "NGINX-404",
+			expected: "nginx-404",
+		},
+		{
+			name:     "mixed case",
+			input:    "Nginx-Admin-Access",
+			expected: "nginx-admin-access",
+		},
+		{
+			name:     "with dots",
+			input:    "nginx.error.page",
+			expected: "nginx_error_page",
+		},
+		{
+			name:     "empty string",
+			input:    "",
+			expected: "",
+		},
+		{
+			name:     "only special chars",
+			input:    "!@#$%^&*()",
+			expected: "__________",
+		},
+		{
+			name:     "russian chars",
+			input:    "nginxошибка",
+			expected: "nginx______",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := SanitizeRuleFilename(tt.input)
+			if result != tt.expected {
+				t.Errorf("SanitizeRuleFilename(%q) = %q, want %q", tt.input, result, tt.expected)
+			}
+		})
+	}
+}
+
+// ============================================
+// Tests for ParseDurationWithYears
+// ============================================
+
+func TestParseDurationWithYears(t *testing.T) {
+	tests := []struct {
+		name        string
+		input       string
+		expected    time.Duration
+		expectError bool
+	}{
+		{
+			name:        "1 year",
+			input:       "1y",
+			expected:    365 * 24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "2 years",
+			input:       "2y",
+			expected:    2 * 365 * 24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "1 month",
+			input:       "1M",
+			expected:    30 * 24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "6 months",
+			input:       "6M",
+			expected:    6 * 30 * 24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "30 days",
+			input:       "30d",
+			expected:    30 * 24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "1 day",
+			input:       "1d",
+			expected:    24 * time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "1 hour",
+			input:       "1h",
+			expected:    time.Hour,
+			expectError: false,
+		},
+		{
+			name:        "30 minutes",
+			input:       "30m",
+			expected:    30 * time.Minute,
+			expectError: false,
+		},
+		{
+			name:        "30 seconds",
+			input:       "30s",
+			expected:    30 * time.Second,
+			expectError: false,
+		},
+		{
+			name:        "complex duration",
+			input:       "1h30m",
+			expected:    1*time.Hour + 30*time.Minute,
+			expectError: false,
+		},
+		{
+			name:        "invalid year format",
+			input:       "abc",
+			expected:    0,
+			expectError: true,
+		},
+		{
+			name:        "invalid month format",
+			input:       "xM",
+			expected:    0,
+			expectError: true,
+		},
+		{
+			name:        "invalid day format",
+			input:       "xd",
+			expected:    0,
+			expectError: true,
+		},
+		{
+			name:        "empty string",
+			input:       "",
+			expected:    0,
+			expectError: true,
+		},
+		{
+			name:        "negative duration",
+			input:       "-1h",
+			expected:    -1 * time.Hour,
+			expectError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result, err := ParseDurationWithYears(tt.input)
+			if (err != nil) != tt.expectError {
+				t.Errorf("ParseDurationWithYears(%q) error = %v, expectError %v", tt.input, err, tt.expectError)
+				return
+			}
+			if !tt.expectError && result != tt.expected {
+				t.Errorf("ParseDurationWithYears(%q) = %v, want %v", tt.input, result, tt.expected)
+			}
+		})
+	}
+}
+
+// ============================================
+// Tests for Rule validation (NewRule)
+// ============================================
+
+func TestNewRule_EmptyName(t *testing.T) {
+	err := NewRule("", "nginx", "", "", "", "1h", 0)
+	if err == nil {
+		t.Error("NewRule with empty name should return error")
+	}
+	if err.Error() != "rule name can't be empty" {
+		t.Errorf("Unexpected error message: %v", err)
+	}
+}
+
+func TestNewRule_DuplicateRule(t *testing.T) {
+	// Create temp directory for rules
+	tmpDir := t.TempDir()
+
+	// Create first rule
+	firstRulePath := filepath.Join(tmpDir, "test-rule.toml")
+	cfg := Rules{Rules: []Rule{{Name: "test-rule"}}}
+	file, _ := os.Create(firstRulePath)
+	toml.NewEncoder(file).Encode(cfg)
+	file.Close()
+
+	// Try to create duplicate
+	err := NewRule("test-rule", "nginx", "", "", "", "1h", 0)
+	if err == nil {
+		t.Error("NewRule with duplicate name should return error")
+	}
+}
+
+// ============================================
+// Tests for EditRule validation
+// ============================================
+
+func TestEditRule_EmptyName(t *testing.T) {
+	err := EditRule("", "nginx", "", "", "")
+	if err == nil {
+		t.Error("EditRule with empty name should return error")
+	}
+	if err.Error() != "rule name can't be empty" {
+		t.Errorf("Unexpected error message: %v", err)
+	}
+}
+
+// ============================================
+// Tests for Rule struct validation
+// ============================================
+
+func TestRule_StructTags(t *testing.T) {
+	// Test that Rule struct has correct TOML tags
+	rule := Rule{
+		Name:        "test-rule",
+		ServiceName: "nginx",
+		Path:        "/admin/*",
+		Status:      "403",
+		Method:      "POST",
+		MaxRetry:    5,
+		BanTime:     "1h",
+	}
+
+	// Encode to TOML and verify
+	cfg := Rules{Rules: []Rule{rule}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "test.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode rule: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Rules
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode rule: %v", err)
+	}
+
+	if len(decoded.Rules) != 1 {
+		t.Fatalf("Expected 1 rule, got %d", len(decoded.Rules))
+	}
+
+	decodedRule := decoded.Rules[0]
+	if decodedRule.Name != rule.Name {
+		t.Errorf("Name mismatch: %q != %q", decodedRule.Name, rule.Name)
+	}
+	if decodedRule.ServiceName != rule.ServiceName {
+		t.Errorf("ServiceName mismatch: %q != %q", decodedRule.ServiceName, rule.ServiceName)
+	}
+	if decodedRule.Path != rule.Path {
+		t.Errorf("Path mismatch: %q != %q", decodedRule.Path, rule.Path)
+	}
+	if decodedRule.MaxRetry != rule.MaxRetry {
+		t.Errorf("MaxRetry mismatch: %d != %d", decodedRule.MaxRetry, rule.MaxRetry)
+	}
+	if decodedRule.BanTime != rule.BanTime {
+		t.Errorf("BanTime mismatch: %q != %q", decodedRule.BanTime, rule.BanTime)
+	}
+}
+
+// ============================================
+// Tests for Action struct validation
+// ============================================
+
+func TestAction_EmailAction(t *testing.T) {
+	action := Action{
+		Type:         "email",
+		Enabled:      true,
+		Email:        "admin@example.com",
+		EmailSender:  "banforge@example.com",
+		EmailSubject: "Alert",
+		SMTPHost:     "smtp.example.com",
+		SMTPPort:     587,
+		SMTPUser:     "user",
+		SMTPTLS:      true,
+		Body:         "IP {ip} banned",
+	}
+
+	cfg := Rules{Rules: []Rule{{
+		Name:   "test",
+		Action: []Action{action},
+	}}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "action.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode action: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Rules
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode action: %v", err)
+	}
+
+	decodedAction := decoded.Rules[0].Action[0]
+	if decodedAction.Type != "email" {
+		t.Errorf("Expected action type 'email', got %q", decodedAction.Type)
+	}
+	if decodedAction.Email != "admin@example.com" {
+		t.Errorf("Expected email 'admin@example.com', got %q", decodedAction.Email)
+	}
+	if decodedAction.SMTPPort != 587 {
+		t.Errorf("Expected SMTP port 587, got %d", decodedAction.SMTPPort)
+	}
+}
+
+func TestAction_WebhookAction(t *testing.T) {
+	action := Action{
+		Type:    "webhook",
+		Enabled: true,
+		URL:     "https://hooks.example.com/alert",
+		Method:  "POST",
+		Headers: map[string]string{
+			"Content-Type":  "application/json",
+			"Authorization": "Bearer token123",
+		},
+		Body: `{"ip": "{ip}", "rule": "{rule}"}`,
+	}
+
+	cfg := Rules{Rules: []Rule{{
+		Name:   "test",
+		Action: []Action{action},
+	}}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "webhook.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode webhook action: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Rules
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode webhook action: %v", err)
+	}
+
+	decodedAction := decoded.Rules[0].Action[0]
+	if decodedAction.Type != "webhook" {
+		t.Errorf("Expected action type 'webhook', got %q", decodedAction.Type)
+	}
+	if decodedAction.URL != "https://hooks.example.com/alert" {
+		t.Errorf("Expected URL 'https://hooks.example.com/alert', got %q", decodedAction.URL)
+	}
+	if decodedAction.Headers["Content-Type"] != "application/json" {
+		t.Errorf("Expected Content-Type header, got %q", decodedAction.Headers["Content-Type"])
+	}
+}
+
+func TestAction_ScriptAction(t *testing.T) {
+	action := Action{
+		Type:          "script",
+		Enabled:       true,
+		Script:        "/usr/local/bin/notify.sh",
+		Interpretator: "bash",
+	}
+
+	cfg := Rules{Rules: []Rule{{
+		Name:   "test",
+		Action: []Action{action},
+	}}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "script.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode script action: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Rules
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode script action: %v", err)
+	}
+
+	decodedAction := decoded.Rules[0].Action[0]
+	if decodedAction.Type != "script" {
+		t.Errorf("Expected action type 'script', got %q", decodedAction.Type)
+	}
+	if decodedAction.Script != "/usr/local/bin/notify.sh" {
+		t.Errorf("Expected script path '/usr/local/bin/notify.sh', got %q", decodedAction.Script)
+	}
+	if decodedAction.Interpretator != "bash" {
+		t.Errorf("Expected interpretator 'bash', got %q", decodedAction.Interpretator)
+	}
+}
+
+// ============================================
+// Tests for Service struct validation
+// ============================================
+
+func TestService_FileLogging(t *testing.T) {
+	service := Service{
+		Name:    "nginx",
+		Logging: "file",
+		LogPath: "/var/log/nginx/access.log",
+		Enabled: true,
+	}
+
+	cfg := Config{Service: []Service{service}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "service.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode service: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode service: %v", err)
+	}
+
+	if len(decoded.Service) != 1 {
+		t.Fatalf("Expected 1 service, got %d", len(decoded.Service))
+	}
+
+	decodedService := decoded.Service[0]
+	if decodedService.Name != "nginx" {
+		t.Errorf("Expected service name 'nginx', got %q", decodedService.Name)
+	}
+	if decodedService.Logging != "file" {
+		t.Errorf("Expected logging type 'file', got %q", decodedService.Logging)
+	}
+	if decodedService.LogPath != "/var/log/nginx/access.log" {
+		t.Errorf("Expected log path '/var/log/nginx/access.log', got %q", decodedService.LogPath)
+	}
+}
+
+func TestService_JournaldLogging(t *testing.T) {
+	service := Service{
+		Name:    "sshd",
+		Logging: "journald",
+		LogPath: "sshd",
+		Enabled: true,
+	}
+
+	cfg := Config{Service: []Service{service}}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "journald.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode journald service: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode journald service: %v", err)
+	}
+
+	decodedService := decoded.Service[0]
+	if decodedService.Logging != "journald" {
+		t.Errorf("Expected logging type 'journald', got %q", decodedService.Logging)
+	}
+}
+
+// ============================================
+// Tests for Metrics struct validation
+// ============================================
+
+func TestMetrics_Enabled(t *testing.T) {
+	metrics := Metrics{
+		Enabled: true,
+		Port:    9090,
+	}
+
+	cfg := Config{Metrics: metrics}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "metrics.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode metrics: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode metrics: %v", err)
+	}
+
+	if !decoded.Metrics.Enabled {
+		t.Error("Expected metrics to be enabled")
+	}
+	if decoded.Metrics.Port != 9090 {
+		t.Errorf("Expected metrics port 9090, got %d", decoded.Metrics.Port)
+	}
+}
+
+func TestMetrics_Disabled(t *testing.T) {
+	metrics := Metrics{
+		Enabled: false,
+		Port:    0,
+	}
+
+	cfg := Config{Metrics: metrics}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "metrics-disabled.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode disabled metrics: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode disabled metrics: %v", err)
+	}
+
+	if decoded.Metrics.Enabled {
+		t.Error("Expected metrics to be disabled")
+	}
+}
+
+// ============================================
+// Tests for Firewall struct validation
+// ============================================
+
+func TestFirewall_Nftables(t *testing.T) {
+	firewall := Firewall{
+		Name:   "nftables",
+		Config: "/etc/nftables.conf",
+	}
+
+	cfg := Config{Firewall: firewall}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "firewall.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode firewall: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode firewall: %v", err)
+	}
+
+	if decoded.Firewall.Name != "nftables" {
+		t.Errorf("Expected firewall name 'nftables', got %q", decoded.Firewall.Name)
+	}
+	if decoded.Firewall.Config != "/etc/nftables.conf" {
+		t.Errorf("Expected firewall config '/etc/nftables.conf', got %q", decoded.Firewall.Config)
+	}
+}
+
+func TestFirewall_Iptables(t *testing.T) {
+	firewall := Firewall{
+		Name:   "iptables",
+		Config: "",
+	}
+
+	cfg := Config{Firewall: firewall}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "iptables.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode iptables: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode iptables: %v", err)
+	}
+
+	if decoded.Firewall.Name != "iptables" {
+		t.Errorf("Expected firewall name 'iptables', got %q", decoded.Firewall.Name)
+	}
+}
+
+func TestFirewall_Ufw(t *testing.T) {
+	firewall := Firewall{
+		Name:   "ufw",
+		Config: "",
+	}
+
+	cfg := Config{Firewall: firewall}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "ufw.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode ufw: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode ufw: %v", err)
+	}
+
+	if decoded.Firewall.Name != "ufw" {
+		t.Errorf("Expected firewall name 'ufw', got %q", decoded.Firewall.Name)
+	}
+}
+
+func TestFirewall_Firewalld(t *testing.T) {
+	firewall := Firewall{
+		Name:   "firewalld",
+		Config: "",
+	}
+
+	cfg := Config{Firewall: firewall}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "firewalld.toml")
+
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(cfg); err != nil {
+		t.Fatalf("Failed to encode firewalld: %v", err)
+	}
+
+	// Read back and verify
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode firewalld: %v", err)
+	}
+
+	if decoded.Firewall.Name != "firewalld" {
+		t.Errorf("Expected firewall name 'firewalld', got %q", decoded.Firewall.Name)
+	}
+}
+
+// ============================================
+// Integration test: Full config round-trip
+// ============================================
+
+func TestConfig_FullRoundTrip(t *testing.T) {
+	fullConfig := Config{
+		Firewall: Firewall{
+			Name:   "nftables",
+			Config: "/etc/nftables.conf",
+		},
+		Metrics: Metrics{
+			Enabled: true,
+			Port:    9090,
+		},
+		Service: []Service{
+			{
+				Name:    "nginx",
+				Logging: "file",
+				LogPath: "/var/log/nginx/access.log",
+				Enabled: true,
+			},
+			{
+				Name:    "sshd",
+				Logging: "journald",
+				LogPath: "sshd",
+				Enabled: true,
+			},
+		},
+	}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "full-config.toml")
+
+	// Encode
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(fullConfig); err != nil {
+		t.Fatalf("Failed to encode full config: %v", err)
+	}
+
+	// Decode
+	var decoded Config
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode full config: %v", err)
+	}
+
+	// Verify firewall
+	if decoded.Firewall.Name != fullConfig.Firewall.Name {
+		t.Errorf("Firewall.Name mismatch: %q != %q", decoded.Firewall.Name, fullConfig.Firewall.Name)
+	}
+
+	// Verify metrics
+	if decoded.Metrics.Enabled != fullConfig.Metrics.Enabled {
+		t.Errorf("Metrics.Enabled mismatch: %v != %v", decoded.Metrics.Enabled, fullConfig.Metrics.Enabled)
+	}
+	if decoded.Metrics.Port != fullConfig.Metrics.Port {
+		t.Errorf("Metrics.Port mismatch: %d != %d", decoded.Metrics.Port, fullConfig.Metrics.Port)
+	}
+
+	// Verify services
+	if len(decoded.Service) != len(fullConfig.Service) {
+		t.Fatalf("Services count mismatch: %d != %d", len(decoded.Service), len(fullConfig.Service))
+	}
+
+	for i, expected := range fullConfig.Service {
+		actual := decoded.Service[i]
+		if actual.Name != expected.Name {
+			t.Errorf("Service[%d].Name mismatch: %q != %q", i, actual.Name, expected.Name)
+		}
+		if actual.Logging != expected.Logging {
+			t.Errorf("Service[%d].Logging mismatch: %q != %q", i, actual.Logging, expected.Logging)
+		}
+		if actual.Enabled != expected.Enabled {
+			t.Errorf("Service[%d].Enabled mismatch: %v != %v", i, actual.Enabled, expected.Enabled)
+		}
+	}
+}
+
+// ============================================
+// Integration test: Full rule with actions round-trip
+// ============================================
+
+func TestRule_FullRoundTrip(t *testing.T) {
+	fullRule := Rules{
+		Rules: []Rule{
+			{
+				Name:        "nginx-bruteforce",
+				ServiceName: "nginx",
+				Path:        "/admin/*",
+				Status:      "403",
+				Method:      "POST",
+				MaxRetry:    5,
+				BanTime:     "2h",
+				Action: []Action{
+					{
+						Type:         "email",
+						Enabled:      true,
+						Email:        "admin@example.com",
+						EmailSender:  "banforge@example.com",
+						EmailSubject: "Ban Alert",
+						SMTPHost:     "smtp.example.com",
+						SMTPPort:     587,
+						SMTPUser:     "user",
+						SMTPPassword: "pass",
+						SMTPTLS:      true,
+						Body:         "IP {ip} banned for rule {rule}",
+					},
+					{
+						Type:    "webhook",
+						Enabled: true,
+						URL:     "https://hooks.slack.com/services/xxx",
+						Method:  "POST",
+						Headers: map[string]string{
+							"Content-Type": "application/json",
+						},
+						Body: `{"text": "IP {ip} banned"}`,
+					},
+					{
+						Type:          "script",
+						Enabled:       true,
+						Script:        "/usr/local/bin/notify.sh",
+						Interpretator: "bash",
+					},
+				},
+			},
+		},
+	}
+
+	tmpDir := t.TempDir()
+	tmpFile := filepath.Join(tmpDir, "full-rule.toml")
+
+	// Encode
+	file, err := os.Create(tmpFile)
+	if err != nil {
+		t.Fatalf("Failed to create temp file: %v", err)
+	}
+	defer file.Close()
+
+	if err := toml.NewEncoder(file).Encode(fullRule); err != nil {
+		t.Fatalf("Failed to encode full rule: %v", err)
+	}
+
+	// Decode
+	var decoded Rules
+	if _, err := toml.DecodeFile(tmpFile, &decoded); err != nil {
+		t.Fatalf("Failed to decode full rule: %v", err)
+	}
+
+	// Verify rule
+	if len(decoded.Rules) != 1 {
+		t.Fatalf("Expected 1 rule, got %d", len(decoded.Rules))
+	}
+
+	rule := decoded.Rules[0]
+	if rule.Name != fullRule.Rules[0].Name {
+		t.Errorf("Rule.Name mismatch: %q != %q", rule.Name, fullRule.Rules[0].Name)
+	}
+	if rule.ServiceName != fullRule.Rules[0].ServiceName {
+		t.Errorf("Rule.ServiceName mismatch: %q != %q", rule.ServiceName, fullRule.Rules[0].ServiceName)
+	}
+	if rule.MaxRetry != fullRule.Rules[0].MaxRetry {
+		t.Errorf("Rule.MaxRetry mismatch: %d != %d", rule.MaxRetry, fullRule.Rules[0].MaxRetry)
+	}
+
+	// Verify actions
+	if len(rule.Action) != 3 {
+		t.Fatalf("Expected 3 actions, got %d", len(rule.Action))
+	}
+
+	// Email action
+	emailAction := rule.Action[0]
+	if emailAction.Type != "email" {
+		t.Errorf("Action[0].Type mismatch: %q != 'email'", emailAction.Type)
+	}
+	if emailAction.Email != "admin@example.com" {
+		t.Errorf("Email action email mismatch: %q != 'admin@example.com'", emailAction.Email)
+	}
+
+	// Webhook action
+	webhookAction := rule.Action[1]
+	if webhookAction.Type != "webhook" {
+		t.Errorf("Action[1].Type mismatch: %q != 'webhook'", webhookAction.Type)
+	}
+	if webhookAction.Headers["Content-Type"] != "application/json" {
+		t.Errorf("Webhook Content-Type header mismatch")
+	}
+
+	// Script action
+	scriptAction := rule.Action[2]
+	if scriptAction.Type != "script" {
+		t.Errorf("Action[2].Type mismatch: %q != 'script'", scriptAction.Type)
+	}
+	if scriptAction.Script != "/usr/local/bin/notify.sh" {
+		t.Errorf("Script action script mismatch: %q != '/usr/local/bin/notify.sh'", scriptAction.Script)
+	}
+}
--- a/internal/config/sysconf.go
+++ b/internal/config/sysconf.go
@@ -16,6 +16,24 @@ const (
 	ConfigFile = "config.toml"
 )

+func createFileWithPermissions(path string, perm os.FileMode) error {
+	// #nosec G304 - path is controlled by config package not user
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+
+	if err := os.Chmod(path, perm); err != nil {
+		_ = file.Close()
+		return err
+	}
+
+	if err := file.Close(); err != nil {
+		return err
+	}
+	return nil
+}
+
 func CreateConf() error {
 	if os.Geteuid() != 0 {
 		return fmt.Errorf("you must be root to run this command, use sudo/doas")
@@ -28,53 +46,49 @@ func CreateConf() error {
 		return nil
 	}

-	file, err := os.Create("/etc/banforge/config.toml")
-	if err != nil {
-		return fmt.Errorf("failed to create config file: %w", err)
+	if err := os.MkdirAll(ConfigDir, 0750); err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
 	}
-	defer func() {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
-	if err := os.Chmod(configPath, 0600); err != nil {
-		return fmt.Errorf("failed to set permissions: %w", err)
-	}
-	err = os.WriteFile(configPath, []byte(Base_config), 0600)
-	if err != nil {
+
+	if err := os.WriteFile(configPath, []byte(Base_config), 0600); err != nil {
 		return fmt.Errorf("failed to write config file: %w", err)
 	}
-	fmt.Printf(" Config file created: %s\n", configPath)
-	file, err = os.Create("/etc/banforge/rules.toml")
-	if err != nil {
-		return fmt.Errorf("failed to create rules file: %w", err)
+	fmt.Printf("Config file created: %s\n", configPath)
+
+	rulesDir := filepath.Join(ConfigDir, "rules.d")
+	if err := os.MkdirAll(rulesDir, 0750); err != nil {
+		return fmt.Errorf("failed to create rules directory: %w", err)
 	}
-	file, err = os.Create("/var/lib/banforge/storage.db")
-	if err != nil {
-		return fmt.Errorf("failed to create database file: %w", err)
+	fmt.Printf("Rules directory created: %s\n", rulesDir)
+
+	bansDBDir := filepath.Dir("/var/lib/banforge/bans.db")
+	if err := os.MkdirAll(bansDBDir, 0750); err != nil {
+		return fmt.Errorf("failed to create bans database directory: %w", err)
 	}
-	err = os.Chmod("/var/lib/banforge/storage.db", 0600)
-	if err != nil {
-		return fmt.Errorf("failed to set permissions: %w", err)
+
+	reqDBDir := filepath.Dir("/var/lib/banforge/requests.db")
+	if err := os.MkdirAll(reqDBDir, 0750); err != nil {
+		return fmt.Errorf("failed to create requests database directory: %w", err)
 	}
-	defer func() {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
-	if err := os.Chmod(configPath, 0600); err != nil {
-		return fmt.Errorf("failed to set permissions: %w", err)
+
+	bansDBPath := "/var/lib/banforge/bans.db"
+	if err := createFileWithPermissions(bansDBPath, 0600); err != nil {
+		return fmt.Errorf("failed to create bans database file: %w", err)
 	}
-	fmt.Printf(" Rules file created: %s\n", configPath)
+	fmt.Printf("Bans database file created: %s\n", bansDBPath)
+
+	reqDBPath := "/var/lib/banforge/requests.db"
+	if err := createFileWithPermissions(reqDBPath, 0600); err != nil {
+		return fmt.Errorf("failed to create requests database file: %w", err)
+	}
+	fmt.Printf("Requests database file created: %s\n", reqDBPath)
+
 	return nil
 }

 func FindFirewall() error {
-	if os.Getegid() != 0 {
-		fmt.Printf("Firewall settings needs sudo privileges\n")
-		os.Exit(1)
+	if os.Geteuid() != 0 {
+		return fmt.Errorf("firewall settings needs sudo privileges")
 	}

 	firewalls := []string{"nft", "firewall-cmd", "iptables", "ufw"}
@@ -107,10 +121,7 @@ func FindFirewall() error {

 			encoder := toml.NewEncoder(file)
 			if err := encoder.Encode(cfg); err != nil {
-				err = file.Close()
-				if err != nil {
-					return fmt.Errorf("failed to close file: %w", err)
-				}
+				_ = file.Close()
 				return fmt.Errorf("failed to encode config: %w", err)
 			}

--- a/internal/config/template.go
+++ b/internal/config/template.go
@@ -8,6 +8,10 @@ const Base_config = `
 name = ""
 config = "/etc/nftables.conf"

+[metrics]
+enabled = false
+port = 2122
+
 [[service]]
 name = "nginx"
 logging = "file"
--- a/internal/config/types.go
+++ b/internal/config/types.go
@@ -14,6 +14,7 @@ type Service struct {

 type Config struct {
 	Firewall Firewall  `toml:"firewall"`
+	Metrics  Metrics   `toml:"metrics"`
 	Service  []Service `toml:"service"`
 }

@@ -23,10 +24,37 @@ type Rules struct {
 }

 type Rule struct {
-	Name        string `toml:"name"`
-	ServiceName string `toml:"service"`
-	Path        string `toml:"path"`
-	Status      string `toml:"status"`
-	Method      string `toml:"method"`
-	BanTime     string `toml:"ban_time"`
+	Name        string   `toml:"name"`
+	ServiceName string   `toml:"service"`
+	Path        string   `toml:"path"`
+	Status      string   `toml:"status"`
+	Method      string   `toml:"method"`
+	MaxRetry    int      `toml:"max_retry"`
+	BanTime     string   `toml:"ban_time"`
+	Action      []Action `toml:"action"`
+}
+
+type Metrics struct {
+	Enabled bool `toml:"enabled"`
+	Port    int  `toml:"port"`
+}
+
+// Actions
+type Action struct {
+	Type          string            `toml:"type"`
+	Enabled       bool              `toml:"enabled"`
+	URL           string            `toml:"url"`
+	Method        string            `toml:"method"`
+	Headers       map[string]string `toml:"headers"`
+	Body          string            `toml:"body"`
+	Email         string            `toml:"email"`
+	EmailSender   string            `toml:"email_sender"`
+	EmailSubject  string            `toml:"email_subject"`
+	SMTPHost      string            `toml:"smtp_host"`
+	SMTPPort      int               `toml:"smtp_port"`
+	SMTPUser      string            `toml:"smtp_user"`
+	SMTPPassword  string            `toml:"smtp_password"`
+	SMTPTLS       bool              `toml:"smtp_tls"`
+	Interpretator string            `toml:"interpretator"`
+	Script        string            `toml:"script"`
 }
--- a/internal/judge/judge.go
+++ b/internal/judge/judge.go
@@ -2,27 +2,45 @@ package judge

 import (
 	"fmt"
+	"strings"
 	"time"

+	"github.com/d3m0k1d/BanForge/internal/actions"
 	"github.com/d3m0k1d/BanForge/internal/blocker"
 	"github.com/d3m0k1d/BanForge/internal/config"
 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 	"github.com/d3m0k1d/BanForge/internal/storage"
 )

 type Judge struct {
-	db             *storage.DB
+	db_r           *storage.BanReader
+	db_w           *storage.BanWriter
+	db_rq          *storage.RequestReader
 	logger         *logger.Logger
 	Blocker        blocker.BlockerEngine
 	rulesByService map[string][]config.Rule
+	entryCh        chan *storage.LogEntry
+	resultCh       chan *storage.LogEntry
 }

-func New(db *storage.DB, b blocker.BlockerEngine) *Judge {
+func New(
+	db_r *storage.BanReader,
+	db_w *storage.BanWriter,
+	db_rq *storage.RequestReader,
+	b blocker.BlockerEngine,
+	resultCh chan *storage.LogEntry,
+	entryCh chan *storage.LogEntry,
+) *Judge {
 	return &Judge{
-		db:             db,
+		db_w:           db_w,
+		db_r:           db_r,
+		db_rq:          db_rq,
 		logger:         logger.New(false),
 		rulesByService: make(map[string][]config.Rule),
 		Blocker:        b,
+		entryCh:        entryCh,
+		resultCh:       resultCh,
 	}
 }

@@ -37,84 +55,107 @@ func (j *Judge) LoadRules(rules []config.Rule) {
 	j.logger.Info("Rules loaded and indexed by service")
 }

-func (j *Judge) ProcessUnviewed() error {
-	rows, err := j.db.SearchUnViewed()
-	if err != nil {
-		j.logger.Error(fmt.Sprintf("Failed to query database: %v", err))
-		return err
-	}
-	defer func() {
-		err = rows.Close()
-		if err != nil {
-			j.logger.Error(fmt.Sprintf("Failed to close database connection: %v", err))
-		}
-	}()
-	for rows.Next() {
-		var entry storage.LogEntry
-		err = rows.Scan(
-			&entry.ID,
-			&entry.Service,
-			&entry.IP,
-			&entry.Path,
-			&entry.Status,
-			&entry.Method,
-			&entry.IsViewed,
-			&entry.CreatedAt,
+func (j *Judge) Tribunal() {
+	j.logger.Info("Tribunal started")
+
+	for entry := range j.entryCh {
+		j.logger.Debug(
+			"Processing entry",
+			"ip",
+			entry.IP,
+			"service",
+			entry.Service,
+			"status",
+			entry.Status,
 		)
-		if err != nil {
-			j.logger.Error(fmt.Sprintf("Failed to scan database row: %v", err))
+
+		rules, serviceExists := j.rulesByService[entry.Service]
+		if !serviceExists {
+			j.logger.Debug("No rules for service", "service", entry.Service)
 			continue
 		}

-		rules, serviceExists := j.rulesByService[entry.Service]
-		if serviceExists {
-			for _, rule := range rules {
-				if (rule.Method == "" || entry.Method == rule.Method) &&
-					(rule.Status == "" || entry.Status == rule.Status) &&
-					(rule.Path == "" || entry.Path == rule.Path) {
-
-					j.logger.Info(
-						fmt.Sprintf(
-							"Rule matched for IP: %s, Service: %s",
-							entry.IP,
-							entry.Service,
-						),
-					)
-					ban_status, err := j.db.IsBanned(entry.IP)
-					if err != nil {
-						j.logger.Error(fmt.Sprintf("Failed to check ban status: %v", err))
-						return err
-					}
-					if !ban_status {
-						err = j.Blocker.Ban(entry.IP)
-						if err != nil {
-							j.logger.Error(fmt.Sprintf("Failed to ban IP: %v", err))
-						}
-						j.logger.Info(fmt.Sprintf("IP banned: %s", entry.IP))
-						err = j.db.AddBan(entry.IP, rule.BanTime)
-						if err != nil {
-							j.logger.Error(fmt.Sprintf("Failed to add ban: %v", err))
-						}
-					}
+		ruleMatched := false
+		for _, rule := range rules {
+			methodMatch := rule.Method == "" || entry.Method == rule.Method
+			statusMatch := rule.Status == "" || entry.Status == rule.Status
+			pathMatch := matchPath(entry.Path, rule.Path)
+			if methodMatch && statusMatch && pathMatch {
+				ruleMatched = true
+				j.logger.Info("Rule matched", "rule", rule.Name, "ip", entry.IP)
+				j.resultCh <- entry
+				banned, err := j.db_r.IsBanned(entry.IP)
+				if err != nil {
+					j.logger.Error("Failed to check ban status", "ip", entry.IP, "error", err)
+					metrics.IncError()
 					break
 				}
+				if banned {
+					j.logger.Info("IP already banned", "ip", entry.IP)
+					metrics.IncLogParsed()
+					break
+				}
+				exceeded, err := j.db_rq.IsMaxRetryExceeded(entry.IP, rule.MaxRetry)
+				if err != nil {
+					j.logger.Error("Failed to check retry count", "ip", entry.IP, "error", err)
+					metrics.IncError()
+					break
+				}
+				if !exceeded {
+					j.logger.Info("Max retry not exceeded", "ip", entry.IP)
+					metrics.IncLogParsed()
+					break
+				}
+				err = j.db_w.AddBan(entry.IP, rule.BanTime, rule.Name)
+				if err != nil {
+					j.logger.Error(
+						"Failed to add ban to database",
+						"ip",
+						entry.IP,
+						"ban_time",
+						rule.BanTime,
+						"error",
+						err,
+					)
+					break
+				}
+
+				if err := j.Blocker.Ban(entry.IP); err != nil {
+					j.logger.Error("Failed to ban IP at firewall", "ip", entry.IP, "error", err)
+					metrics.IncError()
+					break
+				}
+
+				for _, action := range rule.Action {
+					executor := &actions.Executor{Action: action}
+					if err := executor.Execute(); err != nil {
+						j.logger.Error("Action execution failed",
+							"rule", rule.Name,
+							"action_type", action.Type,
+							"error", err)
+					}
+				}
+
+				j.logger.Info(
+					"IP banned successfully",
+					"ip",
+					entry.IP,
+					"rule",
+					rule.Name,
+					"ban_time",
+					rule.BanTime,
+				)
+				metrics.IncBan(rule.ServiceName)
+				break
 			}
 		}

-		err = j.db.MarkAsViewed(entry.ID)
-		if err != nil {
-			j.logger.Error(fmt.Sprintf("Failed to mark entry as viewed: %v", err))
-		} else {
-			j.logger.Info(fmt.Sprintf("Entry marked as viewed: ID=%d", entry.ID))
+		if !ruleMatched {
+			j.logger.Debug("No rules matched", "ip", entry.IP, "service", entry.Service)
 		}
 	}

-	if err = rows.Err(); err != nil {
-		j.logger.Error(fmt.Sprintf("Error iterating rows: %v", err))
-		return err
-	}
-
-	return nil
+	j.logger.Info("Tribunal stopped - entryCh closed")
 }

 func (j *Judge) UnbanChecker() {
@@ -122,18 +163,42 @@ func (j *Judge) UnbanChecker() {
 	defer tick.Stop()

 	for range tick.C {
-		ips, err := j.db.CheckExpiredBans()
+		ips, err := j.db_w.RemoveExpiredBans()
 		if err != nil {
 			j.logger.Error(fmt.Sprintf("Failed to check expired bans: %v", err))
+			metrics.IncError()
 			continue
 		}

 		for _, ip := range ips {
 			if err := j.Blocker.Unban(ip); err != nil {
-				j.logger.Error(fmt.Sprintf("Failed to unban IP %s: %v", ip, err))
-				continue
+				j.logger.Error(fmt.Sprintf("Failed to unban IP at firewall: %v", err))
+				metrics.IncError()
+			} else {
+				metrics.IncUnban("judge")
 			}
-			j.logger.Info(fmt.Sprintf("IP unbanned: %s", ip))
 		}
 	}
 }
+
+func matchPath(path string, rulePath string) bool {
+	if rulePath == "" {
+		return true
+	}
+
+	if strings.HasPrefix(rulePath, "*") {
+		suffix := strings.TrimPrefix(rulePath, "*")
+		return strings.HasSuffix(path, suffix)
+	}
+
+	if strings.HasPrefix(rulePath, "/*") {
+		suffix := strings.TrimPrefix(rulePath, "/*")
+		return strings.HasSuffix(path, suffix)
+	}
+
+	if strings.HasSuffix(rulePath, "*") {
+		prefix := strings.TrimSuffix(rulePath, "*")
+		return strings.HasPrefix(path, prefix)
+	}
+	return path == rulePath
+}
--- a/internal/judge/judge_test.go
+++ b/internal/judge/judge_test.go
@@ -18,21 +18,21 @@ func TestJudgeLogic(t *testing.T) {
 		{
 			name:      "Empty rule",
 			inputRule: config.Rule{Name: "", ServiceName: "", Path: "", Status: "", Method: ""},
-			inputLog:  storage.LogEntry{ID: 0, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
+			inputLog:  storage.LogEntry{ID: 0, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
 			wantErr:   true,
 			wantMatch: false,
 		},
 		{
 			name:      "Matching rule",
 			inputRule: config.Rule{Name: "test", ServiceName: "nginx", Path: "/api", Status: "200", Method: "GET"},
-			inputLog:  storage.LogEntry{ID: 1, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
+			inputLog:  storage.LogEntry{ID: 1, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
 			wantErr:   false,
 			wantMatch: true,
 		},
 		{
 			name:      "Non-matching status",
 			inputRule: config.Rule{Name: "test", ServiceName: "nginx", Path: "/api", Status: "404", Method: "GET"},
-			inputLog:  storage.LogEntry{ID: 2, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", IsViewed: false, CreatedAt: ""},
+			inputLog:  storage.LogEntry{ID: 2, Service: "nginx", IP: "127.0.0.1", Path: "/api", Status: "200", Method: "GET", CreatedAt: ""},
 			wantErr:   false,
 			wantMatch: false,
 		},
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -1,8 +1,12 @@
 package logger

 import (
+	"io"
 	"log/slog"
 	"os"
+	"path/filepath"
+
+	"gopkg.in/natefinch/lumberjack.v2"
 )

 type Logger struct {
@@ -10,13 +14,28 @@ type Logger struct {
 }

 func New(debug bool) *Logger {
+	logDir := "/var/log/banforge"
+	if err := os.MkdirAll(logDir, 0750); err != nil {
+		return nil
+	}
+
+	fileWriter := &lumberjack.Logger{
+		Filename:   filepath.Join(logDir, "banforge.log"),
+		MaxSize:    500,
+		MaxBackups: 3,
+		MaxAge:     28,
+		Compress:   true,
+	}
+
 	var level slog.Level
 	if debug {
 		level = slog.LevelDebug
 	} else {
 		level = slog.LevelInfo
 	}
-	handler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
+	multiWriter := io.MultiWriter(fileWriter, os.Stdout)
+
+	handler := slog.NewTextHandler(multiWriter, &slog.HandlerOptions{
 		Level: level,
 	})

--- a/internal/metrics/metrics.go
+++ b/internal/metrics/metrics.go
@@ -0,0 +1,131 @@
+package metrics
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strconv"
+	"sync"
+	"time"
+)
+
+var (
+	metricsMu sync.RWMutex
+	metrics   = make(map[string]int64)
+)
+
+func IncBan(service string) {
+	metricsMu.Lock()
+	metrics["ban_count"]++
+	metrics[service+"_bans"]++
+	metricsMu.Unlock()
+}
+
+func IncUnban(service string) {
+	metricsMu.Lock()
+	metrics["unban_count"]++
+	metrics[service+"_unbans"]++
+	metricsMu.Unlock()
+}
+
+func IncRuleMatched(rule_name string) {
+	metricsMu.Lock()
+	metrics[rule_name+"_rule_matched"]++
+	metricsMu.Unlock()
+}
+
+func IncLogParsed() {
+	metricsMu.Lock()
+	metrics["log_parsed"]++
+	metricsMu.Unlock()
+}
+
+func IncError() {
+	metricsMu.Lock()
+	metrics["error_count"]++
+	metricsMu.Unlock()
+}
+
+func IncBanAttempt(firewall string) {
+	metricsMu.Lock()
+	metrics["ban_attempt_count"]++
+	metrics[firewall+"_ban_attempts"]++
+	metricsMu.Unlock()
+}
+
+func IncUnbanAttempt(firewall string) {
+	metricsMu.Lock()
+	metrics["unban_attempt_count"]++
+	metrics[firewall+"_unban_attempts"]++
+	metricsMu.Unlock()
+}
+
+func IncPortOperation(operation string, protocol string) {
+	metricsMu.Lock()
+	key := "port_" + operation + "_" + protocol
+	metrics[key]++
+	metricsMu.Unlock()
+}
+
+func IncParserEvent(service string) {
+	metricsMu.Lock()
+	metrics[service+"_parsed_events"]++
+	metricsMu.Unlock()
+}
+
+func IncScannerEvent(service string) {
+	metricsMu.Lock()
+	metrics[service+"_scanner_events"]++
+	metricsMu.Unlock()
+}
+
+func IncDBOperation(operation string, table string) {
+	metricsMu.Lock()
+	key := "db_" + operation + "_" + table
+	metrics[key]++
+	metricsMu.Unlock()
+}
+
+func IncRequestCount(service string) {
+	metricsMu.Lock()
+	metrics[service+"_request_count"]++
+	metricsMu.Unlock()
+}
+
+func MetricsHandler() http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		metricsMu.RLock()
+		snapshot := make(map[string]int64, len(metrics))
+		for k, v := range metrics {
+			snapshot[k] = v
+		}
+		metricsMu.RUnlock()
+
+		w.Header().Set("Content-Type", "text/plain; version=0.0.4")
+
+		for name, value := range snapshot {
+			metricName := name + "_total"
+			_, _ = fmt.Fprintf(w, "# TYPE %s counter\n", metricName)
+			_, _ = fmt.Fprintf(w, "%s %d\n", metricName, value)
+		}
+	})
+}
+
+func StartMetricsServer(port int) error {
+	mux := http.NewServeMux()
+	mux.Handle("/metrics", MetricsHandler())
+
+	server := &http.Server{
+		Addr:         "localhost:" + strconv.Itoa(port),
+		Handler:      mux,
+		ReadTimeout:  5 * time.Second,
+		WriteTimeout: 10 * time.Second,
+		IdleTimeout:  15 * time.Second,
+	}
+
+	log.Printf("Starting metrics server on %s", server.Addr)
+	if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+		return fmt.Errorf("metrics server failed: %w", err)
+	}
+	return nil
+}
--- a/internal/parser/ApacheParser.go
+++ b/internal/parser/ApacheParser.go
@@ -0,0 +1,63 @@
+package parser
+
+import (
+	"regexp"
+
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
+	"github.com/d3m0k1d/BanForge/internal/storage"
+)
+
+type ApacheParser struct {
+	pattern *regexp.Regexp
+	logger  *logger.Logger
+}
+
+func NewApacheParser() *ApacheParser {
+	pattern := regexp.MustCompile(
+		`^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+-\s+-\s+\[(.*?)\]\s+"(\w+)\s+(.*?)\s+HTTP/[\d.]+"\s+(\d+)\s+(\d+|-)\s+"(.*?)"\s+"(.*?)"`,
+	)
+	// Groups:
+	// 1: IP
+	// 2: Timestamp
+	// 3: Method (GET, POST, etc.)
+	// 4: Path
+	// 5: Status Code (200, 404, 403...)
+	// 6: Response Size
+	// 7: Referer
+	// 8: User-Agent
+
+	return &ApacheParser{
+		pattern: pattern,
+		logger:  logger.New(false),
+	}
+}
+
+func (p *ApacheParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEntry) {
+	// Group 1: IP, Group 2: Timestamp, Group 3: Method, Group 4: Path, Group 5: Status
+	for event := range eventCh {
+		matches := p.pattern.FindStringSubmatch(event.Data)
+		if matches == nil {
+			continue
+		}
+		path := matches[4]
+		status := matches[5]
+		method := matches[3]
+
+		resultCh <- &storage.LogEntry{
+			Service: "apache",
+			IP:      matches[1],
+			Path:    path,
+			Status:  status,
+			Method:  method,
+		}
+		metrics.IncParserEvent("apache")
+		p.logger.Info(
+			"Parsed apache log entry",
+			"ip", matches[1],
+			"path", path,
+			"status", status,
+			"method", method,
+		)
+	}
+}
--- a/internal/parser/NginxParser.go
+++ b/internal/parser/NginxParser.go
@@ -4,6 +4,7 @@ import (
 	"regexp"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 	"github.com/d3m0k1d/BanForge/internal/storage"
 )

@@ -24,35 +25,33 @@ func NewNginxParser() *NginxParser {

 func (p *NginxParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEntry) {
 	// Group 1: IP, Group 2: Timestamp, Group 3: Method, Group 4: Path, Group 5: Status
-	go func() {
-		for event := range eventCh {
-			matches := p.pattern.FindStringSubmatch(event.Data)
-			if matches == nil {
-				continue
-			}
-			path := matches[4]
-			status := matches[5]
-			method := matches[3]
-
-			resultCh <- &storage.LogEntry{
-				Service:  "nginx",
-				IP:       matches[1],
-				Path:     path,
-				Status:   status,
-				Method:   method,
-				IsViewed: false,
-			}
-			p.logger.Info(
-				"Parsed nginx log entry",
-				"ip",
-				matches[1],
-				"path",
-				path,
-				"status",
-				status,
-				"method",
-				method,
-			)
+	for event := range eventCh {
+		matches := p.pattern.FindStringSubmatch(event.Data)
+		if matches == nil {
+			continue
 		}
-	}()
+		path := matches[4]
+		status := matches[5]
+		method := matches[3]
+
+		resultCh <- &storage.LogEntry{
+			Service: "nginx",
+			IP:      matches[1],
+			Path:    path,
+			Status:  status,
+			Method:  method,
+		}
+		metrics.IncParserEvent("nginx")
+		p.logger.Info(
+			"Parsed nginx log entry",
+			"ip",
+			matches[1],
+			"path",
+			path,
+			"status",
+			status,
+			"method",
+			method,
+		)
+	}
 }
--- a/internal/parser/parser.go
+++ b/internal/parser/parser.go
@@ -2,11 +2,16 @@ package parser

 import (
 	"bufio"
+	"fmt"
 	"os"
 	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
 	"time"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

 type Event struct {
@@ -23,7 +28,56 @@ type Scanner struct {
 	pollDelay time.Duration
 }

+func validateLogPath(path string) error {
+	if path == "" {
+		return fmt.Errorf("log path cannot be empty")
+	}
+
+	if !filepath.IsAbs(path) {
+		return fmt.Errorf("log path must be absolute: %s", path)
+	}
+
+	if strings.Contains(path, "..") {
+		return fmt.Errorf("log path contains '..': %s", path)
+	}
+
+	if _, err := os.Stat(path); os.IsNotExist(err) {
+		return fmt.Errorf("log file does not exist: %s", path)
+	}
+
+	info, err := os.Lstat(path)
+	if err != nil {
+		return fmt.Errorf("failed to stat log file: %w", err)
+	}
+	if info.Mode()&os.ModeSymlink != 0 {
+		return fmt.Errorf("log path is a symlink: %s", path)
+	}
+
+	return nil
+}
+
+func validateJournaldUnit(unit string) error {
+	if unit == "" {
+		return fmt.Errorf("journald unit cannot be empty")
+	}
+
+	if !regexp.MustCompile(`^[a-zA-Z0-9._-]+$`).MatchString(unit) {
+		return fmt.Errorf("invalid journald unit name: %s", unit)
+	}
+
+	if strings.HasPrefix(unit, "-") {
+		return fmt.Errorf("journald unit cannot start with '-': %s", unit)
+	}
+
+	return nil
+}
+
 func NewScannerTail(path string) (*Scanner, error) {
+	if err := validateLogPath(path); err != nil {
+		return nil, fmt.Errorf("invalid log path: %w", err)
+	}
+
+	// #nosec G204 - path is validated above via validateLogPath()
 	cmd := exec.Command("tail", "-F", "-n", "10", path)
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
@@ -46,6 +100,11 @@ func NewScannerTail(path string) (*Scanner, error) {
 }

 func NewScannerJournald(unit string) (*Scanner, error) {
+	if err := validateJournaldUnit(unit); err != nil {
+		return nil, fmt.Errorf("invalid journald unit: %w", err)
+	}
+
+	// #nosec G204 - unit is validated above via validateJournaldUnit()
 	cmd := exec.Command("journalctl", "-u", unit, "-f", "-n", "0", "-o", "short", "--no-pager")
 	stdout, err := cmd.StdoutPipe()
 	if err != nil {
@@ -79,6 +138,7 @@ func (s *Scanner) Start() {

 			default:
 				if s.scanner.Scan() {
+					metrics.IncScannerEvent("scanner")
 					s.ch <- Event{
 						Data: s.scanner.Text(),
 					}
@@ -86,6 +146,7 @@ func (s *Scanner) Start() {
 				} else {
 					if err := s.scanner.Err(); err != nil {
 						s.logger.Error("Scanner error")
+						metrics.IncError()
 						return
 					}
 				}
--- a/internal/parser/parser_test.go
+++ b/internal/parser/parser_test.go
@@ -2,6 +2,7 @@ package parser

 import (
 	"os"
+	"strings"
 	"testing"
 	"time"
 )
@@ -281,3 +282,201 @@ func BenchmarkScanner(b *testing.B) {
 		<-scanner.Events()
 	}
 }
+
+func TestValidateLogPath(t *testing.T) {
+	tests := []struct {
+		name    string
+		path    string
+		setup   func() (string, func())
+		wantErr bool
+		errMsg  string
+	}{
+		{
+			name:    "empty path",
+			path:    "",
+			wantErr: true,
+			errMsg:  "log path cannot be empty",
+		},
+		{
+			name:    "relative path",
+			path:    "logs/test.log",
+			wantErr: true,
+			errMsg:  "log path must be absolute",
+		},
+		{
+			name:    "path with traversal",
+			path:    "/var/log/../etc/passwd",
+			wantErr: true,
+			errMsg:  "log path contains '..'",
+		},
+		{
+			name:    "non-existent file",
+			path:    "/var/log/nonexistent.log",
+			wantErr: true,
+			errMsg:  "log file does not exist",
+		},
+		{
+			name: "valid file",
+			path: "/tmp/test-valid.log",
+			setup: func() (string, func()) {
+				_, _ = os.Create("/tmp/test-valid.log")
+				return "/tmp/test-valid.log", func() { os.Remove("/tmp/test-valid.log") }
+			},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var cleanup func()
+			if tt.setup != nil {
+				tt.path, cleanup = tt.setup()
+				defer cleanup()
+			}
+
+			err := validateLogPath(tt.path)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("validateLogPath() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if tt.wantErr && tt.errMsg != "" && err != nil {
+				if !strings.Contains(err.Error(), tt.errMsg) {
+					t.Errorf("validateLogPath() error = %v, want message containing %q", err, tt.errMsg)
+				}
+			}
+		})
+	}
+}
+
+func TestValidateJournaldUnit(t *testing.T) {
+	tests := []struct {
+		name    string
+		unit    string
+		wantErr bool
+		errMsg  string
+	}{
+		{
+			name:    "empty unit",
+			unit:    "",
+			wantErr: true,
+			errMsg:  "journald unit cannot be empty",
+		},
+		{
+			name:    "unit starting with dash",
+			unit:    "-dangerous",
+			wantErr: true,
+			errMsg:  "journald unit cannot start with '-'",
+		},
+		{
+			name:    "unit with special chars",
+			unit:    "test;rm -rf /",
+			wantErr: true,
+			errMsg:  "invalid journald unit name",
+		},
+		{
+			name:    "unit with spaces",
+			unit:    "test unit",
+			wantErr: true,
+			errMsg:  "invalid journald unit name",
+		},
+		{
+			name:    "valid unit simple",
+			unit:    "nginx",
+			wantErr: false,
+		},
+		{
+			name:    "valid unit with dash",
+			unit:    "ssh-agent",
+			wantErr: false,
+		},
+		{
+			name:    "valid unit with dot",
+			unit:    "systemd-journald.service",
+			wantErr: false,
+		},
+		{
+			name:    "valid unit with underscore",
+			unit:    "my_service",
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := validateJournaldUnit(tt.unit)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("validateJournaldUnit() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if tt.wantErr && tt.errMsg != "" && err != nil {
+				if !strings.Contains(err.Error(), tt.errMsg) {
+					t.Errorf("validateJournaldUnit() error = %v, want message containing %q", err, tt.errMsg)
+				}
+			}
+		})
+	}
+}
+
+func TestNewScannerTailValidation(t *testing.T) {
+	tests := []struct {
+		name    string
+		path    string
+		wantErr bool
+	}{
+		{
+			name:    "empty path",
+			path:    "",
+			wantErr: true,
+		},
+		{
+			name:    "relative path",
+			path:    "test.log",
+			wantErr: true,
+		},
+		{
+			name:    "non-existent path",
+			path:    "/nonexistent/path/file.log",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := NewScannerTail(tt.path)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NewScannerTail() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestNewScannerJournaldValidation(t *testing.T) {
+	tests := []struct {
+		name    string
+		unit    string
+		wantErr bool
+	}{
+		{
+			name:    "empty unit",
+			unit:    "",
+			wantErr: true,
+		},
+		{
+			name:    "unit with semicolon",
+			unit:    "test;rm -rf /",
+			wantErr: true,
+		},
+		{
+			name:    "unit starting with dash",
+			unit:    "-dangerous",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := NewScannerJournald(tt.unit)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NewScannerJournald() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/internal/parser/sshd.go
+++ b/internal/parser/sshd.go
@@ -4,6 +4,7 @@ import (
 	"regexp"

 	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 	"github.com/d3m0k1d/BanForge/internal/storage"
 )

@@ -24,31 +25,29 @@ func NewSshdParser() *SshdParser {

 func (p *SshdParser) Parse(eventCh <-chan Event, resultCh chan<- *storage.LogEntry) {
 	// Group 1: Timestamp, Group 2: hostame, Group 3: pid, Group 4: Method auth, Group 5: User, Group 6: IP, Group 7: port
-	go func() {
-		for event := range eventCh {
-			matches := p.pattern.FindStringSubmatch(event.Data)
-			if matches == nil {
-				continue
-			}
-			resultCh <- &storage.LogEntry{
-				Service:  "ssh",
-				IP:       matches[6],
-				Path:     matches[5], // user
-				Status:   "Failed",
-				Method:   matches[4], // method auth
-				IsViewed: false,
-			}
-			p.logger.Info(
-				"Parsed ssh log entry",
-				"ip",
-				matches[6],
-				"user",
-				matches[5],
-				"method",
-				matches[4],
-				"status",
-				"Failed",
-			)
+	for event := range eventCh {
+		matches := p.pattern.FindStringSubmatch(event.Data)
+		if matches == nil {
+			continue
 		}
-	}()
+		resultCh <- &storage.LogEntry{
+			Service: "ssh",
+			IP:      matches[6],
+			Path:    matches[5], // user
+			Status:  "Failed",
+			Method:  matches[4], // method auth
+		}
+		metrics.IncParserEvent("ssh")
+		p.logger.Info(
+			"Parsed ssh log entry",
+			"ip",
+			matches[6],
+			"user",
+			matches[5],
+			"method",
+			matches[4],
+			"status",
+			"Failed",
+		)
+	}
 }
--- a/internal/storage/ban_db.go
+++ b/internal/storage/ban_db.go
@@ -0,0 +1,228 @@
+package storage
+
+import (
+	"database/sql"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/d3m0k1d/BanForge/internal/config"
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
+	"github.com/jedib0t/go-pretty/v6/table"
+	_ "modernc.org/sqlite"
+)
+
+// Writer block
+type BanWriter struct {
+	logger *logger.Logger
+	db     *sql.DB
+}
+
+func NewBanWriter() (*BanWriter, error) {
+	db, err := sql.Open(
+		"sqlite",
+		buildSqliteDsn(banDBPath, pragmas),
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &BanWriter{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func (d *BanWriter) CreateTable() error {
+	_, err := d.db.Exec(CreateBansTable)
+	if err != nil {
+		return err
+	}
+	metrics.IncDBOperation("create_table", "bans")
+	d.logger.Info("Created tables")
+	return nil
+}
+
+func (d *BanWriter) AddBan(ip string, ttl string, reason string) error {
+	duration, err := config.ParseDurationWithYears(ttl)
+	if err != nil {
+		d.logger.Error("Invalid duration format", "ttl", ttl, "error", err)
+		metrics.IncError()
+		return fmt.Errorf("invalid duration: %w", err)
+	}
+
+	now := time.Now()
+	expiredAt := now.Add(duration)
+
+	_, err = d.db.Exec(
+		"INSERT INTO bans (ip, reason, banned_at, expired_at) VALUES (?, ?, ?, ?)",
+		ip,
+		reason,
+		now.Format(time.RFC3339),
+		expiredAt.Format(time.RFC3339),
+	)
+	if err != nil {
+		d.logger.Error("Failed to add ban", "error", err)
+		metrics.IncError()
+		return err
+	}
+
+	metrics.IncDBOperation("insert", "bans")
+	return nil
+}
+
+func (d *BanWriter) RemoveBan(ip string) error {
+	_, err := d.db.Exec("DELETE FROM bans WHERE ip = ?", ip)
+	if err != nil {
+		d.logger.Error("Failed to remove ban", "error", err)
+		metrics.IncError()
+		return err
+	}
+	metrics.IncDBOperation("delete", "bans")
+	return nil
+}
+
+func (w *BanWriter) RemoveExpiredBans() ([]string, error) {
+	var ips []string
+	now := time.Now().Format(time.RFC3339)
+
+	rows, err := w.db.Query(
+		"SELECT ip FROM bans WHERE expired_at < ?",
+		now,
+	)
+	if err != nil {
+		w.logger.Error("Failed to get expired bans", "error", err)
+		metrics.IncError()
+		return nil, err
+	}
+	defer func() {
+		if err := rows.Close(); err != nil {
+			w.logger.Error("Failed to close rows", "error", err)
+		}
+	}()
+
+	for rows.Next() {
+		var ip string
+		err := rows.Scan(&ip)
+		if err != nil {
+			w.logger.Error("Failed to scan ban", "error", err)
+			continue
+		}
+		ips = append(ips, ip)
+	}
+
+	if err = rows.Err(); err != nil {
+		return nil, err
+	}
+
+	result, err := w.db.Exec(
+		"DELETE FROM bans WHERE expired_at < ?",
+		now,
+	)
+	if err != nil {
+		w.logger.Error("Failed to remove expired bans", "error", err)
+		metrics.IncError()
+		return nil, err
+	}
+
+	rowsAffected, err := result.RowsAffected()
+	if err != nil {
+		return nil, err
+	}
+
+	if rowsAffected > 0 {
+		w.logger.Info("Removed expired bans", "count", rowsAffected, "ips", len(ips))
+		metrics.IncDBOperation("delete_expired", "bans")
+	}
+
+	return ips, nil
+}
+
+func (d *BanWriter) Close() error {
+	d.logger.Info("Closing database connection")
+	err := d.db.Close()
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// Reader block
+
+type BanReader struct {
+	logger *logger.Logger
+	db     *sql.DB
+}
+
+func NewBanReader() (*BanReader, error) {
+	db, err := sql.Open("sqlite",
+		"/var/lib/banforge/bans.db?"+
+			"mode=ro&"+
+			"_pragma=journal_mode(WAL)&"+
+			"_pragma=mmap_size(268435456)&"+
+			"_pragma=cache_size(-2000)&"+
+			"_pragma=query_only(1)")
+	if err != nil {
+		return nil, err
+	}
+
+	return &BanReader{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func (d *BanReader) IsBanned(ip string) (bool, error) {
+	var bannedIP string
+	err := d.db.QueryRow("SELECT ip FROM bans WHERE ip = ? ", ip).Scan(&bannedIP)
+	if err == sql.ErrNoRows {
+		return false, nil
+	}
+	if err != nil {
+		metrics.IncError()
+		return false, fmt.Errorf("failed to check ban status: %w", err)
+	}
+	metrics.IncDBOperation("select", "bans")
+	return true, nil
+}
+
+func (d *BanReader) BanList() error {
+	var count int
+	t := table.NewWriter()
+	t.SetOutputMirror(os.Stdout)
+	t.SetStyle(table.StyleBold)
+	t.AppendHeader(table.Row{"№", "IP", "Banned At", "Reason", "Expires At"})
+	rows, err := d.db.Query("SELECT ip, banned_at, reason, expired_at  FROM bans")
+	if err != nil {
+		d.logger.Error("Failed to get ban list", "error", err)
+		metrics.IncError()
+		return err
+	}
+	for rows.Next() {
+		count++
+		var ip string
+		var bannedAt string
+		var reason string
+		var expiredAt string
+		err := rows.Scan(&ip, &bannedAt, &reason, &expiredAt)
+		if err != nil {
+			d.logger.Error("Failed to get ban list", "error", err)
+			metrics.IncError()
+			return err
+		}
+		t.AppendRow(table.Row{count, ip, bannedAt, reason, expiredAt})
+
+	}
+	t.Render()
+	metrics.IncDBOperation("select", "bans")
+	return nil
+}
+
+func (d *BanReader) Close() error {
+	d.logger.Info("Closing database connection")
+	err := d.db.Close()
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/internal/storage/ban_db_test.go
+++ b/internal/storage/ban_db_test.go
@@ -0,0 +1,380 @@
+package storage
+
+import (
+	"database/sql"
+
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	"path/filepath"
+	"testing"
+)
+
+func TestBanWriter_AddBan(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	ip := "192.168.1.1"
+	ttl := "1h"
+
+	err = writer.AddBan(ip, ttl, "test")
+	if err != nil {
+		t.Errorf("AddBan failed: %v", err)
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+	defer reader.Close()
+
+	isBanned, err := reader.IsBanned(ip)
+	if err != nil {
+		t.Errorf("IsBanned failed: %v", err)
+	}
+	if !isBanned {
+		t.Error("Expected IP to be banned, but it's not")
+	}
+}
+
+func TestBanWriter_RemoveBan(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	ip := "192.168.1.2"
+	err = writer.AddBan(ip, "1h", "test")
+	if err != nil {
+		t.Fatalf("Failed to add ban: %v", err)
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+	defer reader.Close()
+
+	isBanned, err := reader.IsBanned(ip)
+	if err != nil {
+		t.Fatalf("IsBanned failed: %v", err)
+	}
+	if !isBanned {
+		t.Fatal("Expected IP to be banned before removal")
+	}
+
+	err = writer.RemoveBan(ip)
+	if err != nil {
+		t.Errorf("RemoveBan failed: %v", err)
+	}
+
+	isBanned, err = reader.IsBanned(ip)
+	if err != nil {
+		t.Errorf("IsBanned failed after removal: %v", err)
+	}
+	if isBanned {
+		t.Error("Expected IP to be unbanned after removal, but it's still banned")
+	}
+}
+
+func TestBanWriter_RemoveExpiredBans(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	expiredIP := "192.168.1.3"
+	err = writer.AddBan(expiredIP, "-1h", "tes")
+	if err != nil {
+		t.Fatalf("Failed to add expired ban: %v", err)
+	}
+
+	activeIP := "192.168.1.4"
+	err = writer.AddBan(activeIP, "1h", "test")
+	if err != nil {
+		t.Fatalf("Failed to add active ban: %v", err)
+	}
+
+	removedIPs, err := writer.RemoveExpiredBans()
+	if err != nil {
+		t.Errorf("RemoveExpiredBans failed: %v", err)
+	}
+
+	found := false
+	for _, ip := range removedIPs {
+		if ip == expiredIP {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Error("Expected expired IP to be in removed list")
+	}
+
+	if len(removedIPs) != 1 {
+		t.Errorf("Expected 1 removed IP, got %d", len(removedIPs))
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+	defer reader.Close()
+
+	isExpiredBanned, err := reader.IsBanned(expiredIP)
+	if err != nil {
+		t.Errorf("IsBanned failed for expired IP: %v", err)
+	}
+	if isExpiredBanned {
+		t.Error("Expected expired IP to be unbanned, but it's still banned")
+	}
+
+	isActiveBanned, err := reader.IsBanned(activeIP)
+	if err != nil {
+		t.Errorf("IsBanned failed for active IP: %v", err)
+	}
+	if !isActiveBanned {
+		t.Error("Expected active IP to still be banned, but it's not")
+	}
+}
+
+func TestBanReader_IsBanned(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	ip := "192.168.1.5"
+	err = writer.AddBan(ip, "1h", "test")
+	if err != nil {
+		t.Fatalf("Failed to add ban: %v", err)
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+	defer reader.Close()
+
+	isBanned, err := reader.IsBanned(ip)
+	if err != nil {
+		t.Errorf("IsBanned failed for banned IP: %v", err)
+	}
+	if !isBanned {
+		t.Error("Expected IP to be banned")
+	}
+
+	isBanned, err = reader.IsBanned("192.168.1.6")
+	if err != nil {
+		t.Errorf("IsBanned failed for non-banned IP: %v", err)
+	}
+	if isBanned {
+		t.Error("Expected IP to not be banned")
+	}
+}
+
+func TestBanWriter_Close(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	err = writer.Close()
+	if err != nil {
+		t.Errorf("Close failed: %v", err)
+	}
+
+	_, err = writer.db.Exec("SELECT 1")
+	if err == nil {
+		t.Error("Expected error when using closed connection")
+	}
+}
+
+func TestBanReader_Close(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+
+	err = reader.Close()
+	if err != nil {
+		t.Errorf("Close failed: %v", err)
+	}
+
+	_, err = reader.db.Query("SELECT 1")
+	if err == nil {
+		t.Error("Expected error when using closed connection")
+	}
+}
+
+func TestBanWriter_AddBan_InvalidDuration(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	err = writer.AddBan("192.168.1.7", "invalid_duration", "test")
+	if err == nil {
+		t.Error("Expected error for invalid duration")
+	} else if err.Error() == "" || err.Error() == "<nil>" {
+		t.Error("Expected meaningful error message for invalid duration")
+	}
+}
+
+func TestMultipleBans(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	ips := []string{"192.168.1.8", "192.168.1.9", "192.168.1.10"}
+
+	for _, ip := range ips {
+		err := writer.AddBan(ip, "1h", "test")
+		if err != nil {
+			t.Errorf("Failed to add ban for IP %s: %v", ip, err)
+		}
+	}
+
+	reader, err := NewBanReaderWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanReader: %v", err)
+	}
+	defer reader.Close()
+
+	for _, ip := range ips {
+		isBanned, err := reader.IsBanned(ip)
+		if err != nil {
+			t.Errorf("IsBanned failed for IP %s: %v", ip, err)
+			continue
+		}
+		if !isBanned {
+			t.Errorf("Expected IP %s to be banned", ip)
+		}
+	}
+}
+
+func TestRemoveNonExistentBan(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "bans_test.db")
+
+	writer, err := NewBanWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create BanWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	err = writer.RemoveBan("192.168.1.11")
+	if err != nil {
+		t.Errorf("RemoveBan should not return error for non-existent ban: %v", err)
+	}
+}
+func NewBanWriterWithDBPath(dbPath string) (*BanWriter, error) {
+	db, err := sql.Open("sqlite", dbPath+"?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)")
+	if err != nil {
+		return nil, err
+	}
+	return &BanWriter{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func NewBanReaderWithDBPath(dbPath string) (*BanReader, error) {
+	db, err := sql.Open("sqlite",
+		dbPath+"?"+
+			"mode=ro&"+
+			"_pragma=journal_mode(WAL)&"+
+			"_pragma=mmap_size(268435456)&"+
+			"_pragma=cache_size(-2000)&"+
+			"_pragma=query_only(1)")
+	if err != nil {
+		return nil, err
+	}
+
+	return &BanReader{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
--- a/internal/storage/db.go
+++ b/internal/storage/db.go
@@ -2,167 +2,60 @@ package storage

 import (
 	"database/sql"
-	"os"
-
+	"errors"
 	"fmt"
-	"time"
+	"strings"

-	"github.com/d3m0k1d/BanForge/internal/config"
-	"github.com/d3m0k1d/BanForge/internal/logger"
-	"github.com/jedib0t/go-pretty/v6/table"
-	_ "github.com/mattn/go-sqlite3"
+	_ "modernc.org/sqlite"
 )

-type DB struct {
-	logger *logger.Logger
-	db     *sql.DB
+const (
+	DBDir     = "/var/lib/banforge/"
+	ReqDBPath = DBDir + "requests.db"
+	banDBPath = DBDir + "bans.db"
+)
+
+var pragmas = map[string]string{
+	`journal_mode`: `wal`,
+	`synchronous`:  `normal`,
+	`busy_timeout`: `30000`,
+	// also consider these
+	// `temp_store`:   `memory`,
+	// `cache_size`:   `1000000000`,
 }

-func NewDB() (*DB, error) {
-	db, err := sql.Open(
-		"sqlite3",
-		"/var/lib/banforge/storage.db?mode=rwc&_journal_mode=WAL&_busy_timeout=10000&cache=shared",
-	)
-	if err != nil {
-		return nil, err
+func buildSqliteDsn(path string, pragmas map[string]string) string {
+	pragmastrs := make([]string, len(pragmas))
+	i := 0
+	for k, v := range pragmas {
+		pragmastrs[i] = (fmt.Sprintf(`pragma=%s(%s)`, k, v))
+		i++
 	}
-
-	if err := db.Ping(); err != nil {
-		return nil, err
-	}
-	return &DB{
-		logger: logger.New(false),
-		db:     db,
-	}, nil
+	return path + "?" + "mode=rwc&" + strings.Join(pragmastrs, "&")
 }

-func (d *DB) Close() error {
-	d.logger.Info("Closing database connection")
-	err := d.db.Close()
+func initDB(dsn, sqlstr string) (err error) {
+	db, err := sql.Open("sqlite", dsn)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to open %q: %w", dsn, err)
 	}
-	return nil
-}
-
-func (d *DB) CreateTable() error {
-	_, err := d.db.Exec(CreateTables)
-	if err != nil {
-		return err
-	}
-	d.logger.Info("Created tables")
-	return nil
-}
-
-func (d *DB) SearchUnViewed() (*sql.Rows, error) {
-	rows, err := d.db.Query(
-		"SELECT id, service, ip, path, status, method, viewed, created_at FROM requests WHERE viewed = 0",
-	)
-	if err != nil {
-		d.logger.Error("Failed to query database")
-		return nil, err
-	}
-	return rows, nil
-}
-
-func (d *DB) MarkAsViewed(id int) error {
-	_, err := d.db.Exec("UPDATE requests SET viewed = 1 WHERE id = ?", id)
-	if err != nil {
-		d.logger.Error("Failed to mark as viewed", "error", err)
-		return err
-	}
-	return nil
-}
-
-func (d *DB) IsBanned(ip string) (bool, error) {
-	var bannedIP string
-	err := d.db.QueryRow("SELECT ip FROM bans WHERE ip = ? ", ip).Scan(&bannedIP)
-	if err == sql.ErrNoRows {
-		return false, nil
-	}
-	if err != nil {
-		return false, fmt.Errorf("failed to check ban status: %w", err)
-	}
-	return true, nil
-}
-
-func (d *DB) AddBan(ip string, ttl string) error {
-	duration, err := config.ParseDurationWithYears(ttl)
-	if err != nil {
-		d.logger.Error("Invalid duration format", "ttl", ttl, "error", err)
-		return fmt.Errorf("invalid duration: %w", err)
-	}
-
-	now := time.Now()
-	expiredAt := now.Add(duration)
-
-	_, err = d.db.Exec(
-		"INSERT INTO bans (ip, reason, banned_at, expired_at) VALUES (?, ?, ?, ?)",
-		ip,
-		"1",
-		now.Format(time.RFC3339),
-		expiredAt.Format(time.RFC3339),
-	)
-	if err != nil {
-		d.logger.Error("Failed to add ban", "error", err)
-		return err
-	}
-
-	return nil
-}
-
-func (d *DB) BanList() error {
-
-	var count int
-	t := table.NewWriter()
-	t.SetOutputMirror(os.Stdout)
-	t.SetStyle(table.StyleBold)
-	t.AppendHeader(table.Row{"№", "IP", "Banned At"})
-	rows, err := d.db.Query("SELECT ip, banned_at  FROM bans")
-	if err != nil {
-		d.logger.Error("Failed to get ban list", "error", err)
-		return err
-	}
-	for rows.Next() {
-		count++
-		var ip string
-		var bannedAt string
-		err := rows.Scan(&ip, &bannedAt)
-		if err != nil {
-			d.logger.Error("Failed to get ban list", "error", err)
-			return err
+	defer func() {
+		closeErr := db.Close()
+		if closeErr != nil {
+			err = errors.Join(err, fmt.Errorf("failed to close %q: %w", dsn, closeErr))
 		}
-		t.AppendRow(table.Row{count, ip, bannedAt})
-
-	}
-	t.Render()
-	return nil
-}
-
-func (d *DB) CheckExpiredBans() ([]string, error) {
-	var ips []string
-	rows, err := d.db.Query(
-		"SELECT ip FROM bans WHERE expired_at < ?",
-		time.Now().Format(time.RFC3339),
-	)
+	}()
+	_, err = db.Exec(sqlstr)
 	if err != nil {
-		d.logger.Error("Failed to get ban list", "error", err)
-		return nil, err
+		return fmt.Errorf("failed to create table: %w", err)
 	}
-	for rows.Next() {
-		var ip string
-		r, err := d.db.Exec("DELETE FROM bans WHERE ip = ?", ip)
-		if err != nil {
-			d.logger.Error("Failed to get ban list", "error", err)
-			return nil, err
-		}
-		d.logger.Info("Ban removed", "ip", ip, "rows", r)
-		err = rows.Scan(&ip)
-		if err != nil {
-			d.logger.Error("Failed to get ban list", "error", err)
-			return nil, err
-		}
-		ips = append(ips, ip)
-	}
-	return ips, nil
+	return err
+}
+
+func CreateTables() (err error) {
+	// Requests DB
+	err1 := initDB(buildSqliteDsn(ReqDBPath, pragmas), CreateRequestsTable)
+	err2 := initDB(buildSqliteDsn(banDBPath, pragmas), CreateBansTable)
+
+	return errors.Join(err1, err2)
 }
--- a/internal/storage/db_test.go
+++ b/internal/storage/db_test.go
@@ -1,243 +0,0 @@
-package storage
-
-import (
-	"database/sql"
-	"github.com/d3m0k1d/BanForge/internal/logger"
-	_ "github.com/mattn/go-sqlite3"
-	"os"
-	"path/filepath"
-	"testing"
-	"time"
-)
-
-func createTestDB(t *testing.T) *sql.DB {
-	tmpDir, err := os.MkdirTemp("", "banforge-test-*")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	filePath := filepath.Join(tmpDir, "test.db")
-	db, err := sql.Open("sqlite3", filePath)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	t.Cleanup(func() {
-		db.Close()
-		os.RemoveAll(tmpDir)
-	})
-
-	return db
-}
-
-func createTestDBStruct(t *testing.T) *DB {
-	tmpDir, err := os.MkdirTemp("", "banforge-test-*")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	filePath := filepath.Join(tmpDir, "test.db")
-	sqlDB, err := sql.Open("sqlite3", filePath)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	t.Cleanup(func() {
-		sqlDB.Close()
-		os.RemoveAll(tmpDir)
-	})
-
-	return &DB{
-		logger: logger.New(false),
-		db:     sqlDB,
-	}
-}
-
-func TestCreateTable(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	rows, err := d.db.Query("SELECT 1 FROM requests LIMIT 1")
-	if err != nil {
-		t.Fatal("requests table should exist:", err)
-	}
-	rows.Close()
-
-	rows, err = d.db.Query("SELECT 1 FROM bans LIMIT 1")
-	if err != nil {
-		t.Fatal("bans table should exist:", err)
-	}
-	rows.Close()
-}
-
-func TestMarkAsViewed(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = d.db.Exec(
-		"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
-		"test",
-		"127.0.0.1",
-		"/test",
-		"GET",
-		"200",
-		time.Now().Format(time.RFC3339),
-	)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = d.MarkAsViewed(1)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var isViewed bool
-	err = d.db.QueryRow("SELECT viewed FROM requests WHERE id = 1").Scan(&isViewed)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if !isViewed {
-		t.Fatal("viewed should be true")
-	}
-}
-
-func TestSearchUnViewed(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	for i := 0; i < 2; i++ {
-		_, err := d.db.Exec(
-			"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
-			"test",
-			"127.0.0.1",
-			"/test",
-			"GET",
-			"200",
-			time.Now().Format(time.RFC3339),
-		)
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
-
-	rows, err := d.SearchUnViewed()
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer rows.Close()
-
-	count := 0
-	for rows.Next() {
-		var id int
-		var service, ip, path, status, method string
-		var viewed bool
-		var createdAt string
-
-		err := rows.Scan(&id, &service, &ip, &path, &status, &method, &viewed, &createdAt)
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if viewed {
-			t.Fatal("should be unviewed")
-		}
-
-		count++
-	}
-
-	if err := rows.Err(); err != nil {
-		t.Fatal(err)
-	}
-
-	if count != 2 {
-		t.Fatalf("expected 2 unviewed requests, got %d", count)
-	}
-}
-
-func TestIsBanned(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = d.db.Exec("INSERT INTO bans (ip, banned_at) VALUES (?, ?)", "127.0.0.1", time.Now().Format(time.RFC3339))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	isBanned, err := d.IsBanned("127.0.0.1")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if !isBanned {
-		t.Fatal("should be banned")
-	}
-}
-
-func TestAddBan(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = d.AddBan("127.0.0.1", "7h")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	var ip string
-	err = d.db.QueryRow("SELECT ip FROM bans WHERE ip = ?", "127.0.0.1").Scan(&ip)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if ip != "127.0.0.1" {
-		t.Fatal("ip should be 127.0.0.1")
-	}
-}
-
-func TestBanList(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.CreateTable()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = d.db.Exec("INSERT INTO bans (ip, banned_at) VALUES (?, ?)", "127.0.0.1", time.Now().Format(time.RFC3339))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = d.BanList()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestClose(t *testing.T) {
-	d := createTestDBStruct(t)
-
-	err := d.Close()
-	if err != nil {
-		t.Fatal(err)
-	}
-}
--- a/internal/storage/migrations.go
+++ b/internal/storage/migrations.go
@@ -1,7 +1,6 @@
 package storage

-const CreateTables = `
-	
+const CreateRequestsTable = `
 CREATE TABLE IF NOT EXISTS requests (
 	id INTEGER PRIMARY KEY,
 	service TEXT NOT NULL,
@@ -9,10 +8,17 @@ CREATE TABLE IF NOT EXISTS requests (
 	path TEXT,
 	method TEXT,
 	status TEXT,
-	viewed BOOLEAN DEFAULT FALSE,
 	created_at DATETIME DEFAULT CURRENT_TIMESTAMP
 );

+CREATE INDEX IF NOT EXISTS idx_requests_service ON requests(service);
+CREATE INDEX IF NOT EXISTS idx_requests_ip ON requests(ip);
+CREATE INDEX IF NOT EXISTS idx_requests_status ON requests(status);
+CREATE INDEX IF NOT EXISTS idx_requests_created_at ON requests(created_at);
+`
+
+// Миграция для bans.db
+const CreateBansTable = `
 CREATE TABLE IF NOT EXISTS bans (
 	id INTEGER PRIMARY KEY,
 	ip TEXT UNIQUE NOT NULL,
@@ -21,9 +27,5 @@ CREATE TABLE IF NOT EXISTS bans (
 	expired_at DATETIME
 );

-CREATE INDEX IF NOT EXISTS idx_service ON requests(service);
-CREATE INDEX IF NOT EXISTS idx_ip ON requests(ip);
-CREATE INDEX IF NOT EXISTS idx_status ON requests(status);
-CREATE INDEX IF NOT EXISTS idx_created_at ON requests(created_at);
-CREATE INDEX IF NOT EXISTS idx_ban_ip ON bans(ip);
-	`
+CREATE INDEX IF NOT EXISTS idx_bans_ip ON bans(ip);
+`
--- a/internal/storage/models.go
+++ b/internal/storage/models.go
@@ -7,7 +7,6 @@ type LogEntry struct {
 	Path      string `db:"path"`
 	Status    string `db:"status"`
 	Method    string `db:"method"`
-	IsViewed  bool   `db:"viewed"`
 	CreatedAt string `db:"created_at"`
 }

--- a/internal/storage/requests_db.go
+++ b/internal/storage/requests_db.go
@@ -0,0 +1,69 @@
+package storage
+
+import (
+	"database/sql"
+
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	"github.com/d3m0k1d/BanForge/internal/metrics"
+	_ "modernc.org/sqlite"
+)
+
+type RequestWriter struct {
+	logger *logger.Logger
+	db     *sql.DB
+}
+
+func NewRequestsWr() (*RequestWriter, error) {
+	db, err := sql.Open(
+		"sqlite",
+		buildSqliteDsn(ReqDBPath, pragmas),
+	)
+	if err != nil {
+		return nil, err
+	}
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(1)
+	db.SetConnMaxLifetime(0)
+	return &RequestWriter{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+type RequestReader struct {
+	logger *logger.Logger
+	db     *sql.DB
+}
+
+func NewRequestsRd() (*RequestReader, error) {
+	db, err := sql.Open(
+		"sqlite",
+		buildSqliteDsn(ReqDBPath, pragmas),
+	)
+	if err != nil {
+		return nil, err
+	}
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(1)
+	db.SetConnMaxLifetime(0)
+	return &RequestReader{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func (r *RequestReader) IsMaxRetryExceeded(ip string, maxRetry int) (bool, error) {
+	var count int
+	if maxRetry == 0 {
+		return true, nil
+	}
+	err := r.db.QueryRow("SELECT COUNT(*) FROM requests WHERE ip = ?", ip).Scan(&count)
+	if err != nil {
+		r.logger.Error("error query count: " + err.Error())
+		metrics.IncError()
+		return false, err
+	}
+	r.logger.Info("Current request count for IP", "ip", ip, "count", count, "maxRetry", maxRetry)
+	metrics.IncDBOperation("select", "requests")
+	return count >= maxRetry, nil
+}
--- a/internal/storage/writer.go
+++ b/internal/storage/writer.go
@@ -1,22 +1,112 @@
 package storage

 import (
+	"database/sql"
+	"errors"
+	"fmt"
 	"time"
+
+	"github.com/d3m0k1d/BanForge/internal/metrics"
 )

-func Write(db *DB, resultCh <-chan *LogEntry) {
-	for result := range resultCh {
-		_, err := db.db.Exec(
-			"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
-			result.Service,
-			result.IP,
-			result.Path,
-			result.Method,
-			result.Status,
-			time.Now().Format(time.RFC3339),
-		)
+func WriteReq(db *RequestWriter, resultCh <-chan *LogEntry) {
+	db.logger.Info("Starting log writer")
+	const batchSize = 100
+	const flushInterval = 1 * time.Second
+
+	batch := make([]*LogEntry, 0, batchSize)
+	ticker := time.NewTicker(flushInterval)
+	defer ticker.Stop()
+
+	flush := func() {
+		defer db.logger.Debug("Flushed batch", "count", len(batch))
+		err := func() (err error) {
+			if len(batch) == 0 {
+				return nil
+			}
+
+			tx, err := db.db.Begin()
+			if err != nil {
+				return fmt.Errorf("failed to begin transaction: %w", err)
+			}
+			defer func() {
+				if rollbackErr := tx.Rollback(); rollbackErr != nil &&
+					!errors.Is(rollbackErr, sql.ErrTxDone) {
+					err = errors.Join(
+						err,
+						fmt.Errorf("failed to rollback transaction: %w", rollbackErr),
+					)
+				}
+			}()
+
+			stmt, err := tx.Prepare(
+				"INSERT INTO requests (service, ip, path, method, status, created_at) VALUES (?, ?, ?, ?, ?, ?)",
+			)
+			if err != nil {
+				err = fmt.Errorf("failed to prepare statement: %w", err)
+				return err
+			}
+			defer func() {
+				if closeErr := stmt.Close(); closeErr != nil {
+					err = errors.Join(err, fmt.Errorf("failed to close statement: %w", closeErr))
+				}
+			}()
+
+			for _, entry := range batch {
+				_, err := stmt.Exec(
+					entry.Service,
+					entry.IP,
+					entry.Path,
+					entry.Method,
+					entry.Status,
+					time.Now().Format(time.RFC3339),
+				)
+				if err != nil {
+					db.logger.Error(fmt.Errorf("failed to insert entry: %w", err).Error())
+					metrics.IncError()
+				} else {
+					metrics.IncRequestCount(entry.Service)
+				}
+			}
+
+			if err := tx.Commit(); err != nil {
+				return fmt.Errorf("failed to commit transaction: %w", err)
+			}
+
+			batch = batch[:0]
+			metrics.IncDBOperation("insert", "requests")
+			return err
+		}()
 		if err != nil {
-			db.logger.Error("Failed to write to database", "error", err)
+			db.logger.Error(err.Error())
+		}
+	}
+
+	for {
+		select {
+		case result, ok := <-resultCh:
+			if !ok {
+				flush()
+				return
+			}
+
+			batch = append(batch, result)
+			if len(batch) >= batchSize {
+				flush()
+			}
+
+		case <-ticker.C:
+			flush()
 		}
 	}
 }
+
+func (w *RequestWriter) GetRequestCount() (int, error) {
+	var count int
+	err := w.db.QueryRow("SELECT COUNT(*) FROM requests").Scan(&count)
+	return count, err
+}
+
+func (w *RequestWriter) Close() error {
+	return w.db.Close()
+}
--- a/internal/storage/writer_test.go
+++ b/internal/storage/writer_test.go
@@ -1,40 +1,301 @@
 package storage

 import (
+	"database/sql"
+	"github.com/d3m0k1d/BanForge/internal/logger"
+	_ "modernc.org/sqlite"
+	"path/filepath"
 	"testing"
 	"time"
 )

-func TestWrite(t *testing.T) {
-	var ip string
-	d := createTestDBStruct(t)
+func TestWrite_BatchInsert(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "requests_test.db")

-	err := d.CreateTable()
+	writer, err := NewRequestWriterWithDBPath(dbPath)
 	if err != nil {
-		t.Fatal(err)
+		t.Fatalf("Failed to create RequestWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
 	}

-	resultCh := make(chan *LogEntry)
+	resultCh := make(chan *LogEntry, 100)

-	go Write(d, resultCh)
+	done := make(chan bool)
+	go func() {
+		WriteReq(writer, resultCh)
+		close(done)
+	}()

-	resultCh <- &LogEntry{
-		Service: "test",
-		IP:      "127.0.0.1",
-		Path:    "/test",
-		Method:  "GET",
-		Status:  "200",
+	entries := []*LogEntry{
+		{Service: "service1", IP: "192.168.1.1", Path: "/path1", Method: "GET", Status: "200"},
+		{Service: "service2", IP: "192.168.1.2", Path: "/path2", Method: "POST", Status: "404"},
+		{Service: "service3", IP: "192.168.1.3", Path: "/path3", Method: "PUT", Status: "500"},
+		{Service: "service4", IP: "192.168.1.4", Path: "/path4", Method: "DELETE", Status: "200"},
+		{Service: "service5", IP: "192.168.1.5", Path: "/path5", Method: "GET", Status: "301"},
+	}
+
+	for _, entry := range entries {
+		resultCh <- entry
+	}
+
+	close(resultCh)
+	<-done
+
+	count, err := writer.GetRequestCount()
+	if err != nil {
+		t.Fatalf("Failed to get request count: %v", err)
+	}
+
+	if count != len(entries) {
+		t.Errorf("Expected %d entries, got %d", len(entries), count)
+	}
+	rows, err := writer.db.Query("SELECT service, ip, path, method, status FROM requests ORDER BY id")
+	if err != nil {
+		t.Fatalf("Failed to query requests: %v", err)
+	}
+	defer rows.Close()
+
+	i := 0
+	for rows.Next() {
+		var service, ip, path, method, status string
+		err := rows.Scan(&service, &ip, &path, &method, &status)
+		if err != nil {
+			t.Fatalf("Failed to scan row: %v", err)
+		}
+
+		if i >= len(entries) {
+			t.Fatal("More rows returned than expected")
+		}
+
+		expected := entries[i]
+		if service != expected.Service {
+			t.Errorf("Expected service %s, got %s", expected.Service, service)
+		}
+		if ip != expected.IP {
+			t.Errorf("Expected IP %s, got %s", expected.IP, ip)
+		}
+		if path != expected.Path {
+			t.Errorf("Expected path %s, got %s", expected.Path, path)
+		}
+		if method != expected.Method {
+			t.Errorf("Expected method %s, got %s", expected.Method, method)
+		}
+		if status != expected.Status {
+			t.Errorf("Expected status %s, got %s", expected.Status, status)
+		}
+
+		i++
+	}
+
+	if i != len(entries) {
+		t.Errorf("Expected to read %d entries, got %d", len(entries), i)
+	}
+}
+
+func TestWrite_BatchSizeTrigger(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "requests_test.db")
+
+	writer, err := NewRequestWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create RequestWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+	resultCh := make(chan *LogEntry, 100)
+	done := make(chan bool)
+	go func() {
+		WriteReq(writer, resultCh)
+		close(done)
+	}()
+
+	batchSize := 100
+	entries := make([]*LogEntry, batchSize)
+	for i := 0; i < batchSize; i++ {
+		entries[i] = &LogEntry{
+			Service: "service" + string(rune(i+'0')),
+			IP:      "192.168.1." + string(rune(i+'0')),
+			Path:    "/path" + string(rune(i+'0')),
+			Method:  "GET",
+			Status:  "200",
+		}
+	}
+
+	for _, entry := range entries {
+		resultCh <- entry
+	}
+
+	close(resultCh)
+	<-done
+
+	count, err := writer.GetRequestCount()
+	if err != nil {
+		t.Fatalf("Failed to get request count: %v", err)
+	}
+
+	if count != batchSize {
+		t.Errorf("Expected %d entries, got %d", batchSize, count)
+	}
+}
+
+func TestWrite_FlushInterval(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "requests_test.db")
+
+	writer, err := NewRequestWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create RequestWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	resultCh := make(chan *LogEntry, 100)
+
+	done := make(chan bool)
+	go func() {
+		WriteReq(writer, resultCh)
+		close(done)
+	}()
+
+	entries := []*LogEntry{
+		{Service: "service1", IP: "192.168.1.1", Path: "/path1", Method: "GET", Status: "200"},
+		{Service: "service2", IP: "192.168.1.2", Path: "/path2", Method: "POST", Status: "404"},
+		{Service: "service3", IP: "192.168.1.3", Path: "/path3", Method: "PUT", Status: "500"},
+		{Service: "service4", IP: "192.168.1.4", Path: "/path4", Method: "DELETE", Status: "200"},
+		{Service: "service5", IP: "192.168.1.5", Path: "/path5", Method: "GET", Status: "301"},
+	}
+
+	for _, entry := range entries {
+		resultCh <- entry
+	}
+	time.Sleep(1500 * time.Millisecond)
+
+	close(resultCh)
+	<-done
+
+	count, err := writer.GetRequestCount()
+	if err != nil {
+		t.Fatalf("Failed to get request count: %v", err)
+	}
+
+	if count != len(entries) {
+		t.Errorf("Expected %d entries, got %d", len(entries), count)
+	}
+}
+
+func TestWrite_EmptyBatch(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "requests_test.db")
+
+	writer, err := NewRequestWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create RequestWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+
+	resultCh := make(chan *LogEntry, 100)
+
+	done := make(chan bool)
+	go func() {
+		WriteReq(writer, resultCh)
+		close(done)
+	}()
+
+	close(resultCh)
+	<-done
+	count, err := writer.GetRequestCount()
+	if err != nil {
+		t.Fatalf("Failed to get request count: %v", err)
+	}
+
+	if count != 0 {
+		t.Errorf("Expected 0 entries for empty batch, got %d", count)
+	}
+}
+
+func TestWrite_ChannelClosed(t *testing.T) {
+	tempDir := t.TempDir()
+	dbPath := filepath.Join(tempDir, "requests_test.db")
+
+	writer, err := NewRequestWriterWithDBPath(dbPath)
+	if err != nil {
+		t.Fatalf("Failed to create RequestWriter: %v", err)
+	}
+	defer writer.Close()
+
+	err = writer.CreateTable()
+	if err != nil {
+		t.Fatalf("Failed to create table: %v", err)
+	}
+	resultCh := make(chan *LogEntry, 100)
+
+	done := make(chan bool)
+	go func() {
+		WriteReq(writer, resultCh)
+		close(done)
+	}()
+
+	entries := []*LogEntry{
+		{Service: "service1", IP: "192.168.1.1", Path: "/path1", Method: "GET", Status: "200"},
+		{Service: "service2", IP: "192.168.1.2", Path: "/path2", Method: "POST", Status: "404"},
+	}
+
+	for _, entry := range entries {
+		resultCh <- entry
 	}

 	close(resultCh)

-	time.Sleep(100 * time.Millisecond)
+	<-done

-	err = d.db.QueryRow("SELECT ip FROM requests LIMIT 1").Scan(&ip)
+	count, err := writer.GetRequestCount()
 	if err != nil {
-		t.Fatal(err)
+		t.Fatalf("Failed to get request count: %v", err)
 	}
-	if ip != "127.0.0.1" {
-		t.Fatal("ip should be 127.0.0.1")
+
+	if count != len(entries) {
+		t.Errorf("Expected %d entries, got %d", len(entries), count)
 	}
 }
+
+func NewRequestWriterWithDBPath(dbPath string) (*RequestWriter, error) {
+	db, err := sql.Open("sqlite", dbPath+"?_pragma=journal_mode(WAL)&_pragma=busy_timeout(30000)&_pragma=synchronous(NORMAL)")
+	if err != nil {
+		return nil, err
+	}
+	db.SetMaxOpenConns(1)
+	db.SetMaxIdleConns(1)
+	db.SetConnMaxLifetime(0)
+	return &RequestWriter{
+		logger: logger.New(false),
+		db:     db,
+	}, nil
+}
+
+func (w *RequestWriter) CreateTable() error {
+	_, err := w.db.Exec(CreateRequestsTable)
+	if err != nil {
+		return err
+	}
+	w.logger.Info("Created requests table")
+	return nil
+}
Author	SHA1	Message	Date
d3m0k1d	8e3e940bed	feat: add new test for config All checks were successful build / build (push) Successful in 2m21s Details CD - BanForge Release / release (push) Successful in 21m28s Details	2026-02-25 15:16:46 +03:00
d3m0k1d	eaa03b3869	fix: fix deps All checks were successful build / build (push) Successful in 2m23s Details	2026-02-24 18:08:27 +03:00
d3m0k1d	bbc936ba5d	fix: linter All checks were successful build / build (push) Successful in 2m23s Details	2026-02-24 18:05:58 +03:00
d3m0k1d	5cc61aca75	feat: integration actions to judge logic and update docs for this Some checks failed build / build (push) Failing after 1m55s Details	2026-02-24 18:03:17 +03:00
d3m0k1d	fd38af9cb0	feat: release a email action and test for him All checks were successful build / build (push) Successful in 2m39s Details	2026-02-24 17:45:28 +03:00
d3m0k1d	0929b92939	docs: add manpages All checks were successful build / build (push) Successful in 2m20s Details CD - BanForge Release / release (push) Successful in 4m15s Details	2026-02-24 15:14:59 +03:00
d3m0k1d	b75541af61	feat: logic for scripts and webhooks All checks were successful build / build (push) Successful in 2m18s Details	2026-02-24 14:41:25 +03:00
d3m0k1d	4e56d7bb6c	feat: recode interfaces All checks were successful build / build (push) Successful in 2m25s Details	2026-02-23 23:40:44 +03:00
d3m0k1d	efa9abb289	feat: add actions to rule struct All checks were successful build / build (push) Successful in 2m18s Details	2026-02-23 23:18:43 +03:00
d3m0k1d	2747abfc04	feat: add struct for actions	2026-02-23 23:18:26 +03:00
d3m0k1d	66d460dbfc	feat: add simple actions without integration to another code All checks were successful build / build (push) Successful in 2m23s Details	2026-02-23 20:03:40 +03:00
d3m0k1d	783645c30b	docs: update readme versions and add prometheus to roadmap All checks were successful build / build (push) Successful in 2m24s Details	2026-02-23 18:29:18 +03:00
d3m0k1d	d9df055765	feat: full working metrics ready All checks were successful build / build (push) Successful in 2m21s Details CD - BanForge Release / release (push) Successful in 4m3s Details	2026-02-23 18:03:20 +03:00
d3m0k1d	6897ea8753	feat: new cli command and new logic for rules on dir All checks were successful build / build (push) Successful in 2m25s Details	2026-02-23 17:02:39 +03:00
d3m0k1d	d534fc79d7	feat: logic rules switch from one file to rules.d and refactoring init cli func All checks were successful build / build (push) Successful in 2m23s Details	2026-02-23 00:26:52 +03:00
d3m0k1d	9ad0a3eb12	fix: create db files on init func All checks were successful build / build (push) Successful in 2m25s Details	2026-02-22 23:26:50 +03:00
d3m0k1d	d8712037f4	feat: fix gorutines on sshd and new validators on parsers All checks were successful build / build (push) Successful in 2m22s Details	2026-02-22 23:18:07 +03:00
d3m0k1d	aef2647a82	chore: fix deps All checks were successful build / build (push) Successful in 2m28s Details CD - BanForge Release / release (push) Successful in 4m10s Details	2026-02-22 19:52:22 +03:00
d3m0k1d	c3b6708a98	fix: gofmt Some checks failed build / build (push) Has been cancelled Details	2026-02-22 19:48:37 +03:00
d3m0k1d	3acd0b899c	fix: linter run and gosec fix Some checks failed build / build (push) Failing after 1m52s Details	2026-02-22 19:45:59 +03:00
d3m0k1d	3ac1250bfc	feat: add metrics support	2026-02-22 19:45:47 +03:00
d3m0k1d	7bba444522	feat: upgrade max_retry logic and change version All checks were successful build / build (push) Successful in 2m9s Details	2026-02-22 18:27:21 +03:00
d3m0k1d	97eb626237	fix: update libs Some checks failed CD - BanForge Release / release (push) Failing after 2m24s Details	2026-02-22 17:21:20 +03:00
d3m0k1d	b7a1ac06d4	feat: new ver All checks were successful CD - BanForge Release / release (push) Successful in 3m42s Details	2026-02-22 16:13:51 +03:00
d3m0k1d	49f0acb777	docs: update add to example max retry All checks were successful build / build (push) Successful in 2m8s Details	2026-02-22 16:12:52 +03:00
d3m0k1d	a602207369	feat: full working max_retry logic All checks were successful build / build (push) Successful in 2m45s Details	2026-02-22 16:06:51 +03:00
d3m0k1d	8c0cfcdbe7	refactoring: method on reader req db All checks were successful build / build (push) Successful in 2m8s Details	2026-02-19 12:36:56 +03:00
d3m0k1d	35a1a89baf	fix: run tests in storage All checks were successful build / build (push) Successful in 2m6s Details	2026-02-19 11:22:52 +03:00
d3m0k1d	f3387b169a	fix: gosec Some checks failed build / build (push) Failing after 1m59s Details	2026-02-19 11:17:51 +03:00
d3m0k1d	5782072f91	fix: ci one more time Some checks failed build / build (push) Failing after 1m42s Details	2026-02-19 11:14:45 +03:00
d3m0k1d	7918b3efe6	feat: add new nosec flags for fix ci Some checks failed build / build (push) Failing after 1m38s Details	2026-02-19 11:09:59 +03:00
d3m0k1d	f628e24f58	fix: golangci fix Some checks failed build / build (push) Failing after 1m40s Details	2026-02-19 11:03:52 +03:00
d3m0k1d	7f54db0cd4	feat: add new method and for db req and add to template max retry Some checks failed build / build (push) Failing after 1m48s Details	2026-02-19 10:53:55 +03:00
Ilya Chernishev	2e9b307194	Merge pull request #1 from shinyzero00/master All checks were successful build / build (push) Successful in 2m25s Details refactoring pr by shinyzero00	2026-02-15 13:17:01 +03:00
Ilya Chernishev	726594a712	Change return value to nil on successful IP block	2026-02-15 13:13:26 +03:00
Ilya Chernishev	b27038a59c	Execute SQL statement to create table in database	2026-02-15 13:08:40 +03:00
Ilya Chernishev	72025dab7d	Remove comment about potential failure in encoding Removed commented-out question regarding error handling.	2026-02-15 12:59:20 +03:00
Ilya Chernishev	dd131477e2	fix ST1005	2026-02-15 12:51:18 +03:00
Ilya Chernishev	670aec449a	fix ST1005 staticcheck	2026-02-15 12:49:57 +03:00
zero@thinky	fc37e641be	refactor(internal/config): use CutSuffix	2026-02-15 04:56:22 +03:00
zero@thinky	361de03208	refactor(cmd/fw): wtf is that error handling	2026-02-15 04:56:22 +03:00
zero@thinky	a2268fda5d	fix(cmd/fw): why to fucking log when it is printed by the only caller	2026-02-15 04:56:22 +03:00
zero@thinky	9dc0b6002e	refactor(internal/config): error handling	2026-02-15 04:56:22 +03:00
zero@thinky	4953be3ef6	refactor(internal/storage/RequestWriter/WriteReq): wtf is that error handling	2026-02-15 04:56:22 +03:00
zero@thinky	c386a2d6bc	refactor(internal/storage/RequestWriter): deduplicate dsn	2026-02-15 04:54:38 +03:00
zero@thinky	dea03a6f70	refactor(*): what the fuck is that naming	2026-02-15 04:54:38 +03:00
zero@thinky	11f755c03c	style(internal/storage/BanWriter): rm extra newline	2026-02-15 04:54:38 +03:00
zero@thinky	1c7a1c1778	refactor(internal/storage/BanWriter): deduplicate dsn	2026-02-15 04:54:38 +03:00
zero@thinky	411574cabe	refactor(internal/storage): generalization and deduplication	2026-02-15 04:28:34 +03:00
d3m0k1d	820c9410a1	feat: update docs for new commands All checks were successful build / build (push) Successful in 2m8s Details CD - BanForge Release / release (push) Successful in 3m46s Details	2026-02-09 22:27:28 +03:00
d3m0k1d	6f261803a7	feat: add to cli commands for open/close ports on firewall All checks were successful build / build (push) Successful in 2m2s Details	2026-02-09 21:51:31 +03:00
d3m0k1d	aacc98668f	feat: add logic for PortClose and PortOpen on interfaces All checks were successful build / build (push) Successful in 2m4s Details	2026-02-09 21:31:19 +03:00
d3m0k1d	9519eedf4f	feat: add new interface method to firewals All checks were successful build / build (push) Successful in 3m9s Details	2026-02-09 19:50:06 +03:00
d3m0k1d	b8b9b227a9	Fix: daemon chanels All checks were successful build / build (push) Successful in 3m9s Details CD - BanForge Release / release (push) Successful in 5m9s Details	2026-01-27 17:10:01 +03:00
d3m0k1d	08d3214f22	Fix: goimport linter fix All checks were successful build / build (push) Successful in 3m27s Details	2026-01-27 17:04:36 +03:00
d3m0k1d	6ebda76738	feat: Add apache support Some checks failed build / build (push) Failing after 2m48s Details	2026-01-27 16:59:32 +03:00
d3m0k1d	b9754f605b	fix: Delete sudo calls on exec All checks were successful build / build (push) Successful in 3m8s Details CD - BanForge Release / release (push) Successful in 5m24s Details	2026-01-27 16:20:03 +03:00
d3m0k1d	be6b19426b	docs: Add installation guide All checks were successful build / build (push) Successful in 3m16s Details	2026-01-26 16:51:40 +03:00
d3m0k1d	3ebffda2c7	feat: improve table on cli interface All checks were successful build / build (push) Successful in 3m14s Details CD - BanForge Release / release (push) Successful in 5m8s Details	2026-01-26 14:21:35 +03:00
d3m0k1d	cadbbc9080	feat: improve reason string on db All checks were successful build / build (push) Successful in 3m8s Details	2026-01-26 14:04:30 +03:00
d3m0k1d	e907fb0b1a	feat: update ban/unban command All checks were successful build / build (push) Successful in 3m13s Details	2026-01-25 21:13:56 +03:00
d3m0k1d	b0fc0646d2	fix: typo All checks were successful build / build (push) Successful in 3m23s Details	2026-01-24 20:30:27 +03:00
d3m0k1d	c2eb02afc7	docs: fix roadmap All checks were successful build / build (push) Successful in 3m22s Details	2026-01-23 18:22:18 +03:00
d3m0k1d	262f3daee4	docs: update reaadme.md Roadmap and overview All checks were successful build / build (push) Successful in 3m3s Details	2026-01-23 17:58:03 +03:00
d3m0k1d	fb32886d4a	refactoring: rename func writer All checks were successful build / build (push) Successful in 3m31s Details	2026-01-22 21:08:55 +03:00
d3m0k1d	fb624a9147	fix: errcheck All checks were successful build / build (push) Successful in 3m10s Details	2026-01-22 20:34:49 +03:00
d3m0k1d	7741e08ebc	fix: linter	2026-01-22 20:34:36 +03:00
d3m0k1d	5f607d0be0	refactoring: full refactoring the database structure from 1 file to 2 file db struct to avoid conflict 2 writters and sqllite busy, improve tests Some checks failed build / build (push) Has been cancelled Details	2026-01-22 20:29:19 +03:00
d3m0k1d	9a7e5a4796	fix: fix matchPath logic All checks were successful build / build (push) Successful in 3m26s Details CD - BanForge Release / release (push) Successful in 5m21s Details	2026-01-22 00:37:57 +03:00
d3m0k1d	95bc7683ea	fix: fix test for test server All checks were successful build / build (push) Successful in 3m18s Details	2026-01-22 00:25:50 +03:00
d3m0k1d	dca0241f17	fix: golangci-lint --fix run Some checks failed build / build (push) Failing after 3m51s Details	2026-01-22 00:11:29 +03:00
d3m0k1d	791d64ae4d	feat: Recode logic for add logs to db Some checks failed build / build (push) Has been cancelled Details	2026-01-22 00:09:56 +03:00
d3m0k1d	7df9925f94	fix: db connection bug and delete debug logs Some checks failed build / build (push) Failing after 5m6s Details CD - BanForge Release / release (push) Failing after 6m11s Details	2026-01-21 22:43:08 +03:00
d3m0k1d	211e019c68	fix: fix gosec and err checl Some checks failed build / build (push) Failing after 3m10s Details	2026-01-21 22:30:27 +03:00
d3m0k1d	de000ab5b6	fix: fix Nginx parser start without gourutine Some checks failed build / build (push) Failing after 2m54s Details	2026-01-21 21:40:57 +03:00
d3m0k1d	0fe34d1537	Fix: fix daemon logic Some checks failed build / build (push) Failing after 2m33s Details	2026-01-21 21:36:38 +03:00
d3m0k1d	341f49c4b4	feat: improve db logic and logger(untested) Some checks failed build / build (push) Failing after 2m48s Details	2026-01-21 20:44:28 +03:00
d3m0k1d	7522071a03	fix: fix tests Some checks failed build / build (push) Failing after 2m47s Details	2026-01-21 19:16:25 +03:00
d3m0k1d	4e8dc51ac8	chore: switch driver one more time ncruses -> modernc Some checks failed build / build (push) Has been cancelled Details	2026-01-21 19:15:35 +03:00
d3m0k1d	11453bd0d9	chore: delete old driver from deps All checks were successful build / build (push) Successful in 1m43s Details CD - BanForge Release / release (push) Successful in 3m18s Details	2026-01-21 16:56:26 +03:00
d3m0k1d	f03ec114b1	fix: fix test, new driver	2026-01-21 16:56:07 +03:00
d3m0k1d	26f4f17760	fix: golangci --fix run Some checks failed build / build (push) Failing after 2m11s Details	2026-01-21 16:52:07 +03:00
d3m0k1d	3001282d88	chore: Add script for postinstall and postremove package, add scripts to gorealeaser Some checks failed build / build (push) Failing after 1m8s Details	2026-01-21 16:44:42 +03:00
d3m0k1d	9198f19805	chore: new driver for sqlite3 with wasm and edit goreleaser env to compiler CGO_ENABLED = 0, add empty file for postinstall script Some checks failed build / build (push) Failing after 1m15s Details	2026-01-21 16:26:55 +03:00
d3m0k1d	b6e92a2a57	feat: Add new logic for judge path with * Some checks failed build / build (push) Failing after 1m38s Details	2026-01-21 16:07:31 +03:00
d3m0k1d	16a174cf56	Fix: fix init nftables, fix logic ban/unban command All checks were successful build / build (push) Successful in 2m39s Details	2026-01-20 23:41:22 +03:00