Is there any sort of fail2ban tool?

Hello everybody !

Going on exploring Haiku,
I know that Haiku is Desktop oriented but I tried web servers,
I setted up nginx and apache this afternoon (both are working, great !)

One question about DDOS in Haiku.
Is there a tool/script/package like fail2ban ?
I don’t find any in the repositories.

Thank you :slight_smile:

There is no firewall for Haiku.

1 Like

Ok. Thank you extrowerk

What would be involved in porting a firewall to Haiku? Because doesn’t Bash have firewall config commands? IPTables > NetFilter tools? It shouldn’t be a major problem should it?

No, it doesn’t.

It only needs somebody who want to work on it. You can be that person.

A firewall is a kernel side thing that intercepts all incoming and outgoing network traffic and decides wether to allow or drop it.

The userspace commands (iptables, etc) are just a way to communicate with this kernel side part to tell it what to do.

Of course the kernel side part cannot be reused directly from Linux, our kernel is too different from Linux so the code couldn’t be adapted. Also the situation on Linux is a bit complicated as they have replaced it several times (iptables, nftables, and there’s another one I forgot the name). Now a lot of the complexity is in making sure the old tools still work with the new firewall code in the kernel there…

1 Like

What about BSD firewall tools?

"FreeBSD has three firewalls: PF, IPFW, and IPFILTER (IPF). FreeBSD also provides two traffic shapers for controlling bandwidth usage: altq and dummynet.

PF in FreeBSD has been ported from OpenBSD, if we match the syntax of any firewall I think it would be a great choice (note that freebsd PF is using an older symtax than OpenBSD PF)

It doesn’t really make a difference which OS it’s from, a firewall needs to integrate with the networn stack and our network stack isn’t the one from another OS, so the code needs to be written for the kernel side. Then you can interface it with any user-space tool you want.

1 Like