NethServer / nethsecurity

NethSecurity image and build environment
https://www.nethsecurity.org/

Improve Threat Shield UI #795

Open gsanchietti opened 4 days ago

gsanchietti commented 4 days ago

Description:

We can no longer postpone the improvement of the banIP UI, or half of the reporting becomes ineffective. To enhance the utility of the Threat Shield reporting, the following improvements must be made to both the UI and backend functionalities:

To-Do List:

  1. Modify Dashboard Counter:

    • Display a warning message if logging is disabled.
  2. Settings Page:

    Logging options (all options are enabled/disabled):

    • Log packets blocked in pre-routing chain, ban_logprerouting: Log suspicious packets in the prerouting chain.
    • Log packets blocked in input chain, ban_loginput: Log suspicious packets in the WAN-input chain.
    • Log packets blocked in forward chain, ban_logforwardwan: Log suspicious packets in the WAN-forward chain.
    • Log packets blocked in forwarded from lan, ban_logforwardlan: Log suspicious packets in the LAN-forward chain.

    Prevent brute attacks:

    • Block brute force attack, ban_loglimit (enabled/disabled): Enable or disable monitoring for brute-force attacks.
    • Ban after x failed access, ban_logcount (text, number): Specify how many times an IP must appear in the log to be considered suspicious.
    • Pattern to search for attacks, ban_logterm (list): Display regex for logfile parsing (visible only if ban_loglimit is enabled).
    • Prevent ICMP DoS, ban_icmplimit (enabled/disabled): Detect ICMP DoS in prerouting chain
    • Prevent SYN DoS, ban_synlimit (enabled/disabled): Detect SYN DoS in prerouting chain
    • Prevent UDP DoS, ban_udplimit (enabled/disabled): Detect UDP DoS in prerouting chain
    • Add to the description that attacker IP will be blocked for 30 minutes

Notes:


Resources:

Tbaile commented 4 days ago

Backend appears to be ready, not merging until UI is available
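
The issue describes ban_logterm as the regex list used for logfile parsing and ban_logcount as the number of times an IP must appear in the log to be considered suspicious. The sketch below illustrates that threshold logic; it is an added example, not part of any comment in this thread and not banIP or NethSecurity code. The regexes, the log lines and the function name `suspicious_ips` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed values standing in for the settings named in the issue.
BAN_LOGCOUNT = 3                      # "Ban after x failed access"
BAN_LOGTERM = [                       # "Pattern to search for attacks" (illustrative regexes)
    r"Exit before auth from",
    r"luci: failed login",
]

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Oct  1 10:00:01 fw dropbear[2101]: Exit before auth from <198.51.100.7:40112>: Max auth tries reached
Oct  1 10:00:04 fw dropbear[2102]: Exit before auth from <198.51.100.7:40130>: Max auth tries reached
Oct  1 10:00:05 fw uhttpd[900]: luci: failed login on / for root from 203.0.113.9
Oct  1 10:00:09 fw dropbear[2103]: Exit before auth from <198.51.100.7:40155>: Max auth tries reached
Oct  1 10:00:12 fw dropbear[2104]: Password auth succeeded for 'root' from 192.0.2.20:50500
Oct  1 10:00:15 fw uhttpd[900]: luci: failed login on / for root from 203.0.113.9
"""

# Dotted-quad candidate; validated with ipaddress before it is counted.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def suspicious_ips(log_text, terms, threshold):
    """Return {ip: hits} for IPs found in at least `threshold` matching lines."""
    patterns = [re.compile(t) for t in terms]
    hits = Counter()
    for line in log_text.splitlines():
        if not any(p.search(line) for p in patterns):
            continue                  # line matches none of the search terms
        m = IPV4_CANDIDATE.search(line)
        if not m:
            continue                  # matching line without an address
        try:
            ip = ipaddress.ip_address(m.group(0))
        except ValueError:
            continue                  # e.g. 999.1.1.1 is not a valid address
        hits[str(ip)] += 1            # one hit per matching line
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG, BAN_LOGTERM, BAN_LOGCOUNT))
```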