{"id":25914485,"url":"https://github.com/luveedu/luveedu-firewall","last_synced_at":"2025-10-24T23:03:54.401Z","repository":{"id":279848889,"uuid":"940197722","full_name":"Luveedu/Luveedu-Firewall","owner":"Luveedu","description":"Luveedu Firewall is a lightweight and efficient tool designed to protect your OpenLiteSpeed web server from Denial of Service (DoS) attacks. It monitors server logs, detects suspicious activity, and blocks malicious IPs using iptables. This README provides an overview of the tool, its benefits, how it works, and instructions for installation.","archived":false,"fork":false,"pushed_at":"2025-02-27T21:56:38.000Z","size":47,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-28T03:50:31.138Z","etag":null,"topics":["application","bash-script","ddos","ddos-attacks","dos","dos-attack","firewall","firewall-management","waf","web"],"latest_commit_sha":null,"homepage":"https://cloud.luveedu.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Luveedu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-27T19:15:34.000Z","updated_at":"2025-02-27T21:56:42.000Z","dependencies_parsed_at":"2025-02-28T03:53:22.765Z","dependency_job_id":"d1722681-4fe6-40ee-aa6f-4da4f503eba9","html_url":"https://github.com/Luveedu/Luveedu-Firewall","commit_stats":null,"previous_names":["luveedu/luveedu-firewall"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Luveedu%2FLuveedu-Firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Luveedu%2FLuveedu-Firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Luveedu%2FLuveedu-Firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Luveedu%2FLuveedu-Firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Luveedu","download_url":"https://codeload.github.com/Luveedu/Luveedu-Firewall/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241652964,"owners_count":19997578,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application","bash-script","ddos","ddos-attacks","dos","dos-attack","firewall","firewall-management","waf","web"],"created_at":"2025-03-03T11:20:56.390Z","updated_at":"2025-10-17T09:41:29.721Z","avatar_url":"https://github.com/Luveedu.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\nCOMING SOON: New Luveedu WAF Addon Powered by ModSecurity.\n```\n\n# Luveedu Firewall - Open Source \u0026 Free\nThe Luveedu Firewall is a robust DoS and DDoS prevention tool designed for OpenLiteSpeed servers. This Bash script monitors the access log in real-time, enforcing strict rate limits—100 requests per 30 seconds and 15 requests per 3 seconds—to block malicious IPs using iptables. It supports whitelisting and blacklisting via an API, handles X-Forwarded-For headers for CDN compatibility, and logs all actions for transparency.\n\n✅ Realtime Blocking\n\n✅ DDoS Blocking - Rate Limited\n\n✅ Faster Blocking\n\n✅ Realtime Antivirus \u0026 Malware Scanning\n\n✅ API Based Access \u0026 Scanning\n\n✅ Rate Limiting\n\n✅ More Coming Soon!\n\n\u0026nbsp;\n\n### Guides \u0026 Installation\n[Installation](https://github.com/Luveedu/Luveedu-Firewall/tree/main?tab=readme-ov-file#4-installation)\n\nGuides for: [Luveedu Firewall](https://github.com/Luveedu/Luveedu-Firewall/tree/main?tab=readme-ov-file#luveedu-firewall---ddos--dos-blocking--super-powerful-)\n//\n[Luveedu Shield](https://github.com/Luveedu/Luveedu-Firewall/tree/main?tab=readme-ov-file#luveedu-shield---realtime-block-malicious-bots--reduce-load--addon-)\n//\n[Luveedu Antivirus](https://github.com/Luveedu/Luveedu-Firewall/tree/main?tab=readme-ov-file#luveedu-antivirus---malware-scanning--removal--addon-)\n\n[Support \u0026 Feedback](https://github.com/Luveedu/Luveedu-Firewall/tree/main?tab=readme-ov-file#6-support--feedback)\n\n\n\u0026nbsp;\n\n## 2. Benefits of this Tool\n\nLuveedu Firewall offers a powerful suite of features to protect your OpenLiteSpeed server from DoS and DDoS attacks. Below are its key benefits:\n\n- **Real-time Monitoring**  \n  Continuously scans the OpenLiteSpeed access log (`/usr/local/lsws/logs/access.log`) to detect unusual traffic patterns and potential threats instantly. This proactive approach ensures rapid identification of attacks, minimizing downtime and maintaining server availability. Detailed logs are written to `/var/log/luvd-firewall.log`, enabling real-time or retrospective analysis by administrators.\n\n- **Rate Limiting**  \n  Enforces dual-layer rate limits—100 requests per 30 seconds and 15 requests per 3 seconds—to block IPs exceeding these thresholds. This granular control mitigates both sustained and burst attack attempts, intelligently adjusting to traffic spikes to protect legitimate users. Blocked IPs are added to `iptables` with a 24-hour expiration, balancing security and flexibility.\n\n- **Whitelist/Blacklist Support**  \n  Integrates seamlessly with the Luveedu Cloud API (`https://waf.luveedu.cloud/checkip.php?ip=`) for dynamic IP management. Whitelists trusted IPs, ensuring uninterrupted access for Google Bots, Bing Bots, Yahoo Bots, known search crawlers, popular CDN IPs (e.g., Cloudflare, Akamai), and legitimate scanners. Blacklists IPs flagged as spam by trusted sources like Spamhaus and Comodo. Maintained by [Luveedu Cloud](https://cloud.luveedu.com), this free API provides up-to-date threat intelligence at no cost.\n\n- **CIDR Blocking**  \n  Automatically blocks entire IP ranges (e.g., /24 subnets) when a single IP exceeds rate limits and ends in `.0`, effectively targeting botnets and coordinated attacks. This reduces false positives by focusing on broader malicious patterns while preserving access for unrelated IPs. Use the `--release-ip` command to manually unblock specific IPs or ranges for precise control.\n\n- **Log Rotation**  \n  Implements automated log rotation every 5 minutes via the `rotate_logs` function, clearing logs like `/var/log/luvd-firewall.log` and `/usr/local/lsws/logs/access.log` to prevent disk space exhaustion. This maintains system performance and keeps logs manageable, with backups preserving critical data for long-term analysis.\n\n- **Lightweight**  \n  Engineered as a Bash script, it runs efficiently with minimal resource overhead, ideal for resource-constrained environments. Leveraging tools like `iptables` and `curl`, it avoids heavy dependencies. With a 1-second check interval (`CHECK_INTERVAL=1`), it balances responsiveness with low CPU/memory usage, ensuring OpenLiteSpeed performance remains uncompromised.\n\n- **Additional Benefits**  \n  - **CDN Compatibility**: Respects `X-Forwarded-For` headers to identify real client IPs behind CDNs or proxies, ensuring accurate rate limiting without blocking legitimate traffic.  \n  - **Flexible Management**: Offers a rich CLI with commands like `--start`, `--stop`, `--check-logs`, `--blocked-list`, `--release-all`, and `--update`. The `--check-logs` feature provides a real-time dashboard of IP activity, including `Requests/30s` and `Requests/3s` metrics.  \n  - **Self-Updating**: The `--update` command fetches the latest version from GitHub, keeping the firewall current with emerging threats, followed by an automatic reset for seamless updates.  \n  - **Customizable Configuration**: Allows tweaking of parameters like `BLOCK_DURATION`, `REQUEST_LIMIT_PER_WINDOW`, and `WINDOW_DURATION` directly in the script, tailoring protection to specific server needs without external tools.\n\nThese features make Luveedu Firewall a comprehensive, efficient, and user-friendly solution for safeguarding OpenLiteSpeed servers, ensuring robust security and operational flexibility.\n\n  \n\n\n\u0026nbsp;\n\n## 3. How it Works\n\nLuveedu Firewall operated by analyzing the OpenLiteSpeed access log (`access.log`) \u0026 (`syslog`) in real-time.\n\n Features include automatic log rotation, expired block removal after 24 hours, and commands to start, stop, reset, or check stats. With its configurable settings and real-time monitoring, Luveedu Firewall ensures server security against denial-of-service attacks. \n\n\n\u0026nbsp;\n## 4. Installation\n\n#### Requirements\n\n  \n\n1. Cyberpanel and Openlitespeed\n2. Min 1vCore \u0026 1Gb Ram\n3. Any Linux Distro ( Debian Based and RHEL Based )\n\n  \n\u0026nbsp;\n```\nwget -qO- https://raw.githubusercontent.com/Luveedu/Luveedu-Firewall/refs/heads/main/start.sh | sudo bash\n```\n\n***It will change the Access Logging Settings for all vHosts***\n\n  \n\n\u0026nbsp;\n\n## Luveedu Firewall - DDoS / DoS Blocking ( Super Powerful )\n\n  \n\nBelow is a detailed explanation of the available CLI options for managing and monitoring the Luveedu Firewall tool.\n\n**Main Usage**\n\n```luvd-firewall --start``` - It starts the Firewall\n\n```luvd-firewall --stop``` - It stops the Firewall\n\n```luvd-firewall --check-logs``` - Monitor the Rate Limiting Stats\n\n```luvd-firewall --blocked-list``` - Check the Blocked IPs\n\n```luvd-firewall --fix-logs``` - Fix the vHosts to log in access.log file\n\n```luvd-firewall --fix-logs --domains``` - Fix the vHosts to log in access.log file for Specific Domain\n\n```luvd-firewall --reset``` - If the Firewall is not Working Simply Reset the Configuration\n\n```luvd-firewall --update``` - Update the Script to the Latest Version from Github\n\n\n\u0026nbsp;\n\n**Basic Usage**\n\n```luvd-firewall --release-all``` - Unblock all the IPs from iptables\n\n```luvd-firewall --release-ip 8.8.8.8``` - Unblock any particular IP or Range\n\n```luvd-firewall --check-ip 8.8.8.8``` - It will detect if the IP is BLACKLISTED OR WHITELISTED OR NONE\n\n```luvd-firewall --clear-logs``` - It will clear all the previous logs\n\n\n\n\u0026nbsp;\n\n## Luveedu Shield - Realtime Block Malicious Bots \u0026 Reduce Load ( Addon )\n\nLuveedu Shield is a Addon for Luveedu Firewall, Which runs in background and scanns the syslog file to detect the IPs those are rated as malicious and we use Comodo and OSWAP to find the Blacklisted BOT IPs and Block them directly from the Kernal, hence you are totally safe and it will reduce server Load.\n\nBelow is a detailed explanation of the available CLI options for managing and monitoring the Luveedu Shield tool.\n\n\n**Main Usage**\n\n```luvd-shield --start``` - It starts the Blocking Engine\n\n```luvd-shield --stop``` - It stops the Blocking Engine\n\n```luvd-shield --blocked-list``` - Check the Blocked IPs\n\n```luvd-shield --fix-all``` - Fix the Issues related to logging \u0026 iptables\n\n```luvd-shield --reset``` - If the Shield is not Working Simply Reset the Configuration\n\n```luvd-shield --update``` - Update the Script to the Latest Version from Github\n\n\n=================\n\nTail the Logs of Shield \u0026 Monitor in more details, BTW, everything is Automatic.\n\n```\ntail -f /var/log/luvd-shield.log\n```\n\n\n\n\u0026nbsp;\n\n## Luveedu Antivirus - Malware Scanning \u0026 Removal ( Addon )\n\nLuveedu AV ( Antivirus ) is a powerful and super strong malware scanning and removal tool by Luveedu Firewall. You can easily scan, detect, disinfect and remove malicious files. Its that simple and easy. You can always try system scanning, mail scanning, Database Scanning, 100+ File types support \u0026 automatically move infected files to Quarantine, which you can view later easily. Custom Comodo ClamAV Signatures for refinement. Best Positive Rate \u0026 Great Way to Resolve all malware issues.\n\nBelow is a detailed explanation of the available CLI options for managing and monitoring the Luveedu Antivirus tool.\n\n**Main Usage**\n\n```luvd-antivirus --start``` - It starts the Scanning Engine \u0026 Do a Initial Scan\n\n```luvd-antivirus --stop``` - It stops the Running Scans \u0026 the Scannng Engine\n\n```luvd-antivirus --check-logs``` - Check the Running Scanning Logs\n\n```luvd-antivirus --check-logs --rkhunter``` - Current Scanning Logs of RKHUNTER ( Rookit Injections )\n\n```luvd-antivirus --check-stats``` - Last 10 Scanning Results\n\n\n\u0026nbsp;\n\n**Scanning Usage**\n\n```luvd-antivirus --scan``` - It will Start Scanning the Entire Home Directory\n\n```luvd-antivirus --scan --domains``` - It will only scan any selected domain\n\n```luvd-antivirus --scan --main``` - It will Only Scan the Emails \u0026 Attachments\n\n```luvd-antivirus --scan --folder /home/customer-folder``` - It will Only Scan the Specified Folder inside /home/\n\n```luvd-antivirus --scan --rootkit``` - It will do a force scan using RKHUNTER for Rootkits\n\n```luvd-antivirus --stop-scan``` - It will immediately Stop the Scanning\n\n```luvd-antivirus --infected-files``` - Check the Infected Files currently in Quarantine\n\n```luvd-antivirus --remove-all``` - You can permanantly delete all Infected files from Quarantine\n\n```luvd-antivirus --restore filename.png``` - It can restore the Quarantine Files to its actual Location\n\n\n\u0026nbsp;\n\n**Basic Usage**\n\n```luvd-antivirus --update``` - It will update the Luveedu Antivirus Script\n\n```luvd-antivirus --clear-logs``` - It can clear all Unwanted Luveedu Antivirus Logs\n\n\u0026nbsp;\n\n----------\n\n### Try DDoS and DoS Attacks\n\nOur Testing Domain using our Luveedu Firewall ( No Cloudflare, No CDN - Let's Try )\n\n```\nhttps://test.luveedu.com/\n``` \n\n\u0026nbsp;\n\n## 5. Future Plans\n\nWe are improving it day by day, we will implement so many things. Some of our thoughts.\n\n```\n1. GUI Layout\n2. Web Dashboard\n3. Proper Blocking WAF using ModSecurity\n4. SQL and XSS Prevention\n5. Bruteforce Prevention\n6. Support for all Panels and Standalone servers\n```\n\n  \n\n\u0026nbsp;\n\n## 6. Support \u0026 Feedback\n\n  \n\nCurrently, we are accepting your feedbacks and error requests by\n\n```\n1. support[@]luveedu.com\n2. https://www.luveedu.com/contact/?utm-source=Github.com\n3. Create Issue in Github\n4. Create Forums in Cyberpanel or LiteSpeed\n```\n\n\u0026nbsp;\n\n## 6. Credits \u0026 Funding\n\n  \n\nIt is managed by Luveedu Cloud Team \u0026 Build by [Ariyan Debnath](https://www.linkedin.com/in/ariyan-debnath)\n\n**Credits**\n\n```\n© Webxenith Technologies LLP\nManaged by Luveedu Cloud Team | 100% FREE FOR ALL\n\n-- Thanks to ClamAV\n-- Thanks to Comodo\n-- Thanks to Github always\n```\n\n**Sponsership \u0026 Funding**\n\n```\n- Currently No Sponsorer\n\nYou can fund this project to make it a full fledge enterprise level Open source Malware Scanning \u0026 WAF.\n\nWe need Your time and experience.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluveedu%2Fluveedu-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluveedu%2Fluveedu-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluveedu%2Fluveedu-firewall/lists"}