Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - FreeFlite

#1
Hi all,

Sharing a plugin I've been building — ProBAN (Progressive Ban).

Instead of fixed-tier, fail2ban-style blocking, ProBAN grows an attacker's ban the more they knock and decays it while they're quiet. A drive-by scanner earns a 30-second timeout; a relentless one digs itself into a ban measured in days, then months — no tiers to tune.

Banned IPs can be silently dropped, funneled into a zero-window tarpit that burns their time and sockets (it never reads their input — zero parser attack surface), or redirected to a honeypot on ports you choose. All live under Reporting → ProBAN:



A few things I cared about:
  • IPv6 at full parity — with evidence-based /64 aggregation: ban /128s, escalate to the whole /64 only after N distinct offenders, so a shared-hosting /64 keeps its innocent neighbours.
  • VPN-friendly — UDP tunnels (WireGuard/IPsec) are invisible to it, and a "protected ports" setting keeps OpenVPN-over-TCP and other inbound services from being mistaken for attacks.
  • Safe by design — the tarpit target is reflection-locked to private/LAN/VPN addresses and tamper-checked every run, so it can't be aimed at a victim.
  • Built the proper OPNsense way — settings in a model XML (config.xml), a configd/rc.d service, config.json from a template, firewall rules owned by a plugins.inc.d hook.

Status: v0.1.0-rc.1, validated live on OPNsense 26.1 / PHP 8.3. It's a release candidate — testers, review, and honest feedback all very welcome.

Plugin: github.com/Freeflite/PROBan
Tarpit companion (Rust): github.com/Freeflite/TinyPit

Thanks for taking a look!