BanForge/docs/config.md
d3m0k1d 5cc61aca75
feat: integration actions to judge logic and update docs for this
2026-02-24 18:03:17 +03:00

Configs

config.toml

Main configuration file for BanForge.

Example:

[firewall]
  name = "nftables"
  config = "/etc/nftables.conf"

[[service]]
  name = "nginx"
  logging = "file"
  log_path = "/home/d3m0k1d/test.log"
  enabled = true

[[service]]
  name = "nginx"
  logging = "journald"
  log_path = "nginx"
  enabled = false

Description: The [firewall] section defines firewall parameters. The banforge init command automatically detects your installed firewall (nftables, iptables, ufw, firewalld). For firewalls that require a configuration file, specify the path in the config parameter.

The service section is configured manually. Currently, only nginx is supported. To add a service, create a service block and set log_path to the nginx log file you want to monitor. The logging parameter is required and must be "file" or "journald". If you use journald logging, log_path must be given in the format "service_name".

rules.toml

Rules configuration file for BanForge.

If you want to configure rules with CLI commands, see here

Example:

[[rule]]
  name = "304 http"
  service = "nginx"
  path = ""
  status = "304"
  max_retry = 3
  method = ""
  ban_time = "1m"

  # Actions are executed after successful ban
  [[rule.action]]
    type = "email"
    enabled = true
    email = "admin@example.com"
    email_sender = "banforge@example.com"
    email_subject = "BanForge Alert: IP Banned"
    smtp_host = "smtp.example.com"
    smtp_port = 587
    smtp_user = "user@example.com"
    smtp_password = "password"
    smtp_tls = true
    body = "IP {ip} has been banned for rule {rule}"

  [[rule.action]]
    type = "webhook"
    enabled = true
    url = "https://hooks.example.com/alert"
    method = "POST"
    headers = { "Content-Type" = "application/json", "Authorization" = "Bearer token" }
    body = "{\"ip\": \"{ip}\", \"rule\": \"{rule}\", \"service\": \"{service}\"}"

  [[rule.action]]
    type = "script"
    enabled = true
    script = "/usr/local/bin/notify.sh"
    interpretator = "bash"

Description: The rule section requires name and one of the following parameters: service, path, status, method. To add a rule, create a rule block and specify the parameters. ban_time is required in a format such as "1m", "1h", "1d", "1M", "1y". Use path to ban, for example, all requests to PHP files (path = ".php") or requests to the admin panel (path = "/admin/"). If max_retry = 0, the ban is applied on the first request.

Actions

Actions are executed after a successful IP ban. You can configure multiple actions per rule.

Action Types

1. Email Notification

Send email alerts when an IP is banned.

[[rule.action]]
  type = "email"
  enabled = true
  email = "admin@example.com"
  email_sender = "banforge@example.com"
  email_subject = "BanForge Alert"
  smtp_host = "smtp.example.com"
  smtp_port = 587
  smtp_user = "user@example.com"
  smtp_password = "password"
  smtp_tls = true
  body = "IP {ip} has been banned"

| Field | Required | Description |
|---|---|---|
| type | + | Must be "email" |
| enabled | + | Enable/disable this action |
| email | + | Recipient email address |
| email_sender | + | Sender email address |
| email_subject | - | Email subject (default: "BanForge Alert") |
| smtp_host | + | SMTP server host |
| smtp_port | + | SMTP server port |
| smtp_user | + | SMTP username |
| smtp_password | + | SMTP password |
| smtp_tls | - | Use TLS connection (default: false) |
| body | - | Email body text |

2. Webhook Notification

Send HTTP webhook requests when an IP is banned.

[[rule.action]]
  type = "webhook"
  enabled = true
  url = "https://hooks.example.com/alert"
  method = "POST"
  headers = { "Content-Type" = "application/json", "Authorization" = "Bearer token" }
  body = "{\"ip\": \"{ip}\", \"rule\": \"{rule}\"}"

| Field | Required | Description |
|---|---|---|
| type | + | Must be "webhook" |
| enabled | + | Enable/disable this action |
| url | + | Webhook URL |
| method | - | HTTP method (default: "POST") |
| headers | - | HTTP headers as key-value pairs |
| body | - | Request body (supports variables) |

3. Script Execution

Execute a custom script when an IP is banned.

[[rule.action]]
  type = "script"
  enabled = true
  script = "/usr/local/bin/notify.sh"
  interpretator = "bash"

| Field | Required | Description |
|---|---|---|
| type | + | Must be "script" |
| enabled | + | Enable/disable this action |
| script | + | Path to script file |
| interpretator | - | Script interpreter (e.g., "bash", "python"). If empty, the script runs directly |

Variables

The following variables can be used in body fields (email, webhook):

| Variable | Description |
|---|---|
| {ip} | Banned IP address |
| {rule} | Rule name that triggered the ban |
| {service} | Service name |
| {ban_time} | Ban duration |