Kor-Elf-Shield

ATTENTION: The program is under active development and is NOT CURRENTLY PRODUCTION READY.

I have been using ConfigServer Security and Firewall (csf) for over 10 years to protect my server. But unfortunately, in September I found out that the company that supported this great product closed on August 31, 2025. CSF is written in PERL. And the company uploaded all the source codes to its repository under the GPLv3 license. But I do not know the PERL language. And it's hard for me to read it. :)

I decided to implement my solution in the Go Lang language. It will not be a complete copy of CSF. CSF just inspired me to do something similar to protect my server.

Done:

  • The ability to configure nftables has been implemented:
    * Allow or block incoming traffic by default.
    * Allow or block outgoing traffic by default.
    * Setting up icmp.
    * Port configuration.
    * Setting up white and black lists of IP addresses.
  • Setting up logging.

The plans include:

  • Make friends with docker.
  • Implement notification settings (for now only by e-mail).
  • Send notifications during ssh authorization.
  • Password brute-force protection.
  • Notify if a new user appears in the system.
  • Notify if system files have changed.

The software is MIT (see LICENSE) and uses third-party libraries that are distributed on their own terms (see LICENSE-3RD-PARTY.txt ).

Git

Releases

VK