Hi all,
Sharing a plugin I've been building — ProBAN (Progressive Ban).
Instead of fixed-tier, fail2ban-style blocking, ProBAN grows an attacker's ban the more they knock and decays it while they're quiet. A drive-by scanner earns a 30-second timeout; a relentless one digs itself into a ban measured in days, then months — no tiers to tune.
Banned IPs can be silently dropped, funneled into a zero-window tarpit that burns their time and sockets (it never reads their input — zero parser attack surface), or redirected to a honeypot on ports you choose. All live under Reporting → ProBAN:

A few things I cared about:
Status: v0.1.0-rc.1, validated live on OPNsense 26.1 / PHP 8.3. It's a release candidate — testers, review, and honest feedback all very welcome.
Plugin: github.com/Freeflite/PROBan
Tarpit companion (Rust): github.com/Freeflite/TinyPit
Thanks for taking a look!
Sharing a plugin I've been building — ProBAN (Progressive Ban).
Instead of fixed-tier, fail2ban-style blocking, ProBAN grows an attacker's ban the more they knock and decays it while they're quiet. A drive-by scanner earns a 30-second timeout; a relentless one digs itself into a ban measured in days, then months — no tiers to tune.
Banned IPs can be silently dropped, funneled into a zero-window tarpit that burns their time and sockets (it never reads their input — zero parser attack surface), or redirected to a honeypot on ports you choose. All live under Reporting → ProBAN:

A few things I cared about:
- IPv6 at full parity — with evidence-based /64 aggregation: ban /128s, escalate to the whole /64 only after N distinct offenders, so a shared-hosting /64 keeps its innocent neighbours.
- VPN-friendly — UDP tunnels (WireGuard/IPsec) are invisible to it, and a "protected ports" setting keeps OpenVPN-over-TCP and other inbound services from being mistaken for attacks.
- Safe by design — the tarpit target is reflection-locked to private/LAN/VPN addresses and tamper-checked every run, so it can't be aimed at a victim.
- Built the proper OPNsense way — settings in a model XML (config.xml), a configd/rc.d service, config.json from a template, firewall rules owned by a plugins.inc.d hook.
Status: v0.1.0-rc.1, validated live on OPNsense 26.1 / PHP 8.3. It's a release candidate — testers, review, and honest feedback all very welcome.
Plugin: github.com/Freeflite/PROBan
Tarpit companion (Rust): github.com/Freeflite/TinyPit
Thanks for taking a look!
"