gerberos scans sources for lines matching regular expressions and containing IPv4 or IPv6 addresses and performs actions on those addresses. Possible sources are (not necessarily existant) non-directory files, systemd journals, kernel messages, and standard outputs of arbitrary processes. Addresses can be logged or added to ipsets or nft rulesets that gerberos will manage autonomously.
Minimal additional logic is applied. This is to adhere to the Unix philosophy, but impacts gerberos' out-of-the-box usefulness for specific use cases when compared to tools like fail2ban.
- ipset 6.34
- iptables 1.6.1
- nftables v0.9.3 (tested on Ubuntu 20.04)
- Go 1.18
- GNU Make 4.3 (optional)
- pgrep (system tests only, optional)
make build
make test
Requires ipset, iptables, and nftables to be installed.
make test_system
See gerberos.toml.
See gerberos.service.