{"id":15059253,"url":"https://github.com/dvershinin/fds","last_synced_at":"2025-10-23T20:45:14.216Z","repository":{"id":41964554,"uuid":"236843307","full_name":"dvershinin/fds","owner":"dvershinin","description":"The go-to FirewallD CLI app.","archived":false,"fork":false,"pushed_at":"2025-06-13T09:36:54.000Z","size":429,"stargazers_count":16,"open_issues_count":11,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-13T10:43:08.476Z","etag":null,"topics":["ban","centos","centos7","centos8","cloudflare","cloudflare-firewall","continents","countries","fedora","fedora-linux","firewall","firewall-management","firewalld","tor","zones"],"latest_commit_sha":null,"homepage":"https://fds.getpagespeed.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dvershinin.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"dvershinin"}},"created_at":"2020-01-28T21:15:34.000Z","updated_at":"2025-04-16T02:32:57.000Z","dependencies_parsed_at":"2023-12-20T16:49:14.078Z","dependency_job_id":"2395dd8b-8f68-468f-a704-eaac51c261fa","html_url":"https://github.com/dvershinin/fds","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/dvershinin/fds","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvershinin%2Ffds","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvershinin%2Ffds/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvershinin%2Ffds/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvershinin%2Ffds/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dvershinin","download_url":"https://codeload.github.com/dvershinin/fds/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dvershinin%2Ffds/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260268634,"owners_count":22983601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ban","centos","centos7","centos8","cloudflare","cloudflare-firewall","continents","countries","fedora","fedora-linux","firewall","firewall-management","firewalld","tor","zones"],"created_at":"2024-09-24T22:39:57.828Z","updated_at":"2025-10-23T20:45:14.150Z","avatar_url":"https://github.com/dvershinin.png","language":"Python","funding_links":["https://github.com/sponsors/dvershinin","https://www.buymeacoffee.com/dvershinin"],"categories":[],"sub_categories":[],"readme":"# fds\n\n[![Buy Me a Coffee](https://img.shields.io/badge/dynamic/json?color=blue\u0026label=Buy%20me%20a%20Coffee\u0026prefix=%23\u0026query=next_time_total\u0026url=https%3A%2F%2Fwww.getpagespeed.com%2Fbuymeacoffee.json\u0026logo=buymeacoffee)](https://www.buymeacoffee.com/dvershinin)\n \nThe go-to **F**irewallD CLI app that **d**oesn't **s**uck.\n\n## What is `fds`?\n \nFirewall management is often a task that you do once at the time of setting up a server.\nBut if you're maintaining a server like a PRO, you are monitoring logs, and blocking malicious users as they come, on a *regular basis*.\n\nFirewallD is a great firewall software. It has the concepts of zones, sources, and supports IP sets. \nHowever, its client app, `firewall-cmd` is far from user-friendly when it comes to blocking and managing blocked IP addresses.\nFurthermore, if you also use Cloudflare firewall, you also want to propagate your blocked IP addresses to it for best protection.\n \n`fds` is the CLI client for FirewallD/Cloudflare, that you'll love to use any day.\nIt is an alternative, client for FirewallD.\n\nUse it for simple or complex banning tasks, instead of `firewall-cmd`.\n\nLook how simple things are with `fds`:\n\n```bash\nfds block \u003ccountry name\u003e\nfds block 1.2.3.4\n```\n\nIt makes the task of managing your FirewallD easy and human-friendly.\n\n## Installation on CentOS/RHEL, Fedora and Amazon Linux\n\nFirst, install RPM repository configuration:\n\n```bash\nsudo yum -y install https://extras.getpagespeed.com/release-latest.rpm\n```\n\n## Free installation\n\nFor free installation and usage, disable the binary packages sub-repository,\nwhich contains non-essential dependencies for `fds`:\n\n```bash\nsudo yum -y install yum-utils\nsudo yum-config-manager --disable getpagespeed-extras\n```\n\nNow you can install `fds`:\n\n```bash\nsudo yum -y install fds\n```\n\n## Installation with subscription\n\nBy [subscribing to the GetPageSpeed RPM repository](https://www.getpagespeed.com/repo-subscribe), you gain access to a [number of packages](https://extras.getpagespeed.com/redhat/8/x86_64/repoview/) other than `fds`, as well support its development.\n\nSimply run this command:\n\n```bash\nsudo yum -y install fds\n```\n\nThe subscription ships with packages for IP prefixes' aggregation.\n`fds` can use those, and thus essentially overcome some [serious FirewallD bugs](https://fds.getpagespeed.com/firewalld/).\n\nSo it's highly recommended to also run the following if you are a subscriber:\n\n### CentOS/RHEL 7 only\n\n```bash\nsudo yum -y install python2-aggregate6\n```\n\n### CentOS/RHEL 8+, Fedora and Amazon Linux\n\n```bash\nsudo yum -y install python3-aggregate6\n```\n\n## What `fds` can do \n\nThe `fds` is utility program for users of FirewallD. It is a helper to easily perform day-to-day \nfirewall tasks:\n\n* block users of Tor\n* block countries\n* block arbitrary IP addresses\n* block the same over at Cloudflare\n\n### Integrations\n\nBy default, `fds` only operates with FirewallD. \n\nTo enable [Cloudflare integration](docs/cloudflare.md), run:\n \n    fds config \n\n## Block Tor\n\nYou can block all Tor exit nodes by running:\n\n```bash\nfds block tor\n```\n\nNote that since these addresses constantly change, you may want to run this command in a cron.\n\n## Ban a single IP\n\n```bash\nfds block 1.2.3.4\n```\n\nThis blocks IP address in a proper(©) fashion by ensuring that the IP is in a set named `networkblock4`,\nthat the set is a source to FirewallD's `drop` zone. Using IP sets is the corner stone of consistent\nfirewall management!\n\n`fds` is also smart enough to break any existing connections originating from that IP address.\nUseful if malicious requests are in process.\n\nYou can specify base name of created/used IP set for blocking, by specifying it in `--ipset`, e.g.\nfor `banned4` (IPv4) or `banned4` (IPv6), use:\n\n```bash\nfds block 1.2.3.4 --ipset banned\n```\n\n## Ban a country or a continent\n\n```bash\nfds block \u003cCountry Name\u003e\nfds block China\nfds block Asia\n```\n\nTo block a country which has spaces in its name, use quotes:\n\n```bash\nfds block \"Country Name\"\n```\n\nYou can list all country names available for blocking by running:\n\n```bash\nfds list countries\n``` \n\nYou can list all continents available for blocking by running:\n\n```bash\nfds list continents\n``` \n\n\n\n### `--no-reload` (`-nr`)\n\nUse this optional flag to prevent FirewallD from being reloaded.\nThis is only useful when adding multiple blocks, as it ensure faster blocking:\n\n```bash\nfds block 1.2.3.4 --no-reload\nfds block 2.3.4.5 --no-reload\nfds block Country1 --no-reload\n...\nfds block Country2\n```\n\nIn the above example, we block some IP addresses and a few countries.\nThe last block operation will reload FirewallD and actually apply our ban.\n\nAlternatively, invoke all `fds block` with `--no-reload` option and invoke `firewall-cmd --reload`\nin the end.\n\n## List all blocked networks and countries\n\nThe following allows to easily see what is blocked: \n\n```bash\nfds list blocked\n``` \n\n## Unblock a country or IP/network\n\nUse `fds unblock ...` like the following:\n\n```fds\nfds unblock China\nfds unblock 1.2.3.4\n```\n\n## Reset all bans\n\nYou can quickly remove all blocks (and by that, all IP sets associated with `fds`):\n\n```bash\nfds reset\n```\n\n## Notes\n\nThe `fds` package automatically installs a cron job that syncs your blocked IP sets daily.\nSo there is no need to do anything to ensure a country (or Tor) stays blocked.\n\n### Planned\n\n* integration with [`trusted-lists`](https://github.com/dvershinin/trusted-lists) IP sets for easy whitelisting\n* declare a CDN of servers and push blocking commands across those server from one place (ansible-like), useful for dynamic blocking\nfrom the central server (honeypot)\n* drop outbound connections (shortcut to https://cogitantium.blogspot.com/2017/06/how-to-drop-outbound-connections-with.html) \n\nSee contributing guide for development setup (if not using packages).\n\n## Files\n\n* not in use: `/etc/fds.conf` (info on currently blocked countries or otherwise small data sets suitable for a single config file)\n* not in use: `/var/lib/fds`: zone files, (state data) + (info on what is currently blocked) (???)\n* `/var/cache/fds`: cachecontrol cache\n* `/root/.cloudflare/cloudflare.cfg` Cloudflare authentication\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvershinin%2Ffds","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdvershinin%2Ffds","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdvershinin%2Ffds/lists"}