d3m0k1d/BanForge

Fork 0

Files

d3m0k1d 6897ea8753

build / build (push) Successful in 2m25s

Details

feat: new cli command and new logic for rules on dir

2026-02-23 17:02:39 +03:00

5.5 KiB

Raw Blame History

CLI commands BanForge

BanForge provides a command-line interface (CLI) to manage IP blocking, configure detection rules, and control the daemon process.

Commands

init - Create configuration files

banforge init

Description
This command creates the necessary directories and base configuration files required for the daemon to operate:

/etc/banforge/config.toml — main configuration
/etc/banforge/rules.toml — default rules file
/etc/banforge/rules.d/ — directory for individual rule files

version - Display BanForge version

banforge version

Description
This command displays the current version of the BanForge software.

daemon - Starts the BanForge daemon process

banforge daemon

Description
This command starts the BanForge daemon process in the background. The daemon continuously monitors incoming requests, detects anomalies, and applies firewall rules in real-time.

firewall - Manages firewall rules

banforge ban <ip>
banforge unban <ip>

Description
These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.

Flag	Description
`-t`, `-ttl`	Ban duration (default: 1 year)

Examples:

# Ban IP for 1 hour
banforge ban 192.168.1.100 -t 1h

# Unban IP
banforge unban 192.168.1.100

ports - Open and close ports on firewall

banforge open -port <port> -protocol <protocol>
banforge close -port <port> -protocol <protocol>

Description
These commands provide an abstraction over your firewall. If you want to simplify the interface to your firewall, you can use these commands.

Flag	Required	Description
`-port`	+	Port number (e.g., 80)
`-protocol`	+	Protocol (tcp/udp)

Examples:

# Open port 80 for TCP
banforge open -port 80 -protocol tcp

# Close port 443
banforge close -port 443 -protocol tcp

list - List blocked IP addresses

banforge list

Description
This command outputs a table of IP addresses that are currently blocked.

rule - Manage detection rules

Rules are stored in /etc/banforge/rules.d/ as individual .toml files.

Add a new rule

banforge rule add -n <name> -s <service> [options]

Flags:

Flag	Required	Description
`-n`, `--name`	+	Rule name (used as filename)
`-s`, `--service`	+	Service name (nginx, apache, ssh, etc.)
`-p`, `--path`	-	Request path to match
`-m`, `--method`	-	HTTP method (GET, POST, etc.)
`-c`, `--status`	-	HTTP status code (403, 404, etc.)
`-t`, `--ttl`	-	Ban duration (default: 1y)
`-r`, `--max_retry`	-	Max retries before ban (default: 0)

Note: At least one of -p, -m, or -c must be specified.

Examples:

# Ban on 403 status
banforge rule add -n "Forbidden" -s nginx -c 403 -t 30m

# Ban on path pattern
banforge rule add -n "Admin Access" -s nginx -p "/admin/*" -t 2h -r 3

# SSH brute force protection
banforge rule add -n "SSH Bruteforce" -s ssh -c "Failed" -t 1h -r 5

List all rules

banforge rule list

Description
Displays all configured rules in a table format.

Example output:

+------------------+---------+--------+--------+--------+----------+---------+
| NAME             | SERVICE | PATH   | STATUS | METHOD | MAXRETRY | BANTIME |
+------------------+---------+--------+--------+--------+----------+---------+
| SSH Bruteforce   | ssh     |        | Failed |        | 5        | 1h      |
| Nginx 404        | nginx   |        | 404    |        | 3        | 30m     |
| Admin Panel      | nginx   | /admin |        |        | 2        | 2h      |
+------------------+---------+--------+--------+--------+----------+---------+

Edit an existing rule

banforge rule edit -n <name> [options]

Description
Edit fields of an existing rule. Only specified fields will be updated.

Flag	Required	Description
`-n`, `--name`	+	Rule name to edit
`-s`, `--service`	-	New service name
`-p`, `--path`	-	New path
`-m`, `--method`	-	New method
`-c`, `--status`	-	New status code

Examples:

# Update ban time for existing rule
banforge rule edit -n "SSH Bruteforce" -t 2h

# Change status code
banforge rule edit -n "Forbidden" -c 403

Remove a rule

banforge rule remove <name>

Description
Permanently delete a rule by name.

Example:

banforge rule remove "Old Rule"

Ban time format

Use the following suffixes for ban duration:

Suffix	Duration
`s`	Seconds
`m`	Minutes
`h`	Hours
`d`	Days
`M`	Months (30 days)
`y`	Years (365 days)

Examples: 30s, 5m, 2h, 1d, 1M, 1y

5.5 KiB Raw Blame History

CLI commands BanForge

Commands

init - Create configuration files

version - Display BanForge version

daemon - Starts the BanForge daemon process

firewall - Manages firewall rules

ports - Open and close ports on firewall

list - List blocked IP addresses

rule - Manage detection rules

Add a new rule

List all rules

Edit an existing rule

Remove a rule

Ban time format

5.5 KiB

Raw Blame History