cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7393067a976175b8b44692a408d533e38d0d01c4
Linux-Server-Management-Too…/modules/security
T
History
cschantz 7393067a97 MAJOR PERFORMANCE: Add IPset support for DDoS-scale blocking 
CRITICAL OPTIMIZATION:
Replaced slow CSF serial blocking with IPset hash table for instant
mass IP blocking during DDoS attacks.

BEFORE (CSF only):
- 100 IPs = 100+ seconds (serial blocking)
- Each block: sleep 0.8s + 3x expensive verification
- Cache rebuild after EVERY block
- 200+ iptables queries for verification

AFTER (IPset):
- 100 IPs = <1 second (hash table)
- Single iptables rule blocks entire set
- O(1) lookups vs O(n) rule iteration
- Native TTL support (auto-expiry)
- No verification overhead

IMPLEMENTATION:
1. Create temp IPset on startup: live_monitor_$$
2. Single iptables rule: -m set --match-set <name> src -j DROP
3. Batch blocking: batch_block_ips() for multiple IPs
4. Individual blocking: Uses ipset if available, falls back to CSF
5. Auto cleanup on exit: Removes ipset + iptables rule

FEATURES:
- Native 1-hour timeout per IP (configurable)
- Supports up to 65,536 IPs
- Temp-only (removed on script exit)
- CSF fallback if ipset unavailable
- IP validation before blocking

PERFORMANCE GAIN:
- 100x faster blocking during DDoS
- Minimal CPU overhead
- Scales to 10,000+ IPs easily
2025-12-01 17:02:10 -05:00
..
bot-analyzer.sh
CRITICAL: Fix bot-analyzer parse_logs output redirection bug
2025-11-21 17:52:49 -05:00
enable-cphulk.sh
Initial commit: Server Management Toolkit v2.0
2025-11-03 18:21:40 -05:00
firewall-activity-monitor.sh
Initial commit: Server Management Toolkit v2.0
2025-11-03 18:21:40 -05:00
ip-reputation-manager.sh
Add critical performance optimizations for large IP databases
2025-11-05 19:00:00 -05:00
live-attack-monitor.sh
MAJOR PERFORMANCE: Add IPset support for DDoS-scale blocking
2025-12-01 17:02:10 -05:00
malware-scanner.sh
CRITICAL FIX: Update InterWorx log file name from access_log to transfer.log
2025-11-20 15:50:45 -05:00
optimize-ct-limit.sh
PHASE 3: InterWorx support for critical security modules
2025-11-19 19:48:34 -05:00
ssh-attack-monitor.sh
Initial commit: Server Management Toolkit v2.0
2025-11-03 18:21:40 -05:00
tail-apache-access.sh
CRITICAL FIX: Update InterWorx log file name from access_log to transfer.log
2025-11-20 15:50:45 -05:00
tail-apache-error.sh
REFACTOR: Class B modules - Multi-panel log discovery
2025-11-19 20:06:50 -05:00
tail-mail-log.sh
Initial commit: Server Management Toolkit v2.0
2025-11-03 18:21:40 -05:00
tail-secure-log.sh
Initial commit: Server Management Toolkit v2.0
2025-11-03 18:21:40 -05:00
web-traffic-monitor.sh
CRITICAL FIX: Update InterWorx log file name from access_log to transfer.log
2025-11-20 15:50:45 -05:00