krawl.es/plugins/nftables/README.md
2026-02-23 01:23:49 +01:00

# Nftables + Krawl Integration

## Overview

This guide explains how to integrate nftables with Krawl so that IPs Krawl has detected as malicious are blocked automatically at the firewall level. Nftables is the modern replacement for iptables on newer Linux systems and provides more efficient set-based blocking: one rule matches against a whole set of addresses instead of one rule per IP.

## Architecture

```
Krawl detects malicious IPs
         ↓
Stores in database
         ↓
API endpoint
         ↓
Cron job fetches list
         ↓
Nftables firewall blocks IPs
         ↓
All traffic from banned IPs dropped
```

## Prerequisites

- Modern Linux system with nftables installed (Ubuntu 22+, Debian 12+, RHEL 9+)
- Krawl running with its API reachable from this host
- Root/sudo access
- `curl` for HTTP requests
- `cron` for scheduling

## When to Use Nftables

Check whether your system uses nftables:

```bash
sudo nft list tables
```

If this prints tables (or simply runs without error), you are using nftables. If you get `command not found`, use the iptables integration instead.

## Installation & Setup

### 1. Create the `krawl-nftables.sh` script

```bash
#!/bin/bash
# Fetch Krawl's current banlist and load it into the nftables set.
# Run as root (cron) or via sudo; every nft call below needs CAP_NET_ADMIN.
set -euo pipefail

BANLIST_URL="https://your-krawl-instance/your-dashboard-path/api/get_banlist?fwtype=iptables"
TMP="$(mktemp)"
trap 'rm -f "$TMP"' EXIT

# -f makes curl fail on HTTP errors, so an error page is never fed to nft.
curl -fsS "$BANLIST_URL" > "$TMP"

# Make sure the table, base chain and set exist ("add" is idempotent for table and set).
nft add table inet filter
nft list chain inet filter input >/dev/null 2>&1 ||
  nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
nft add set inet filter krawl_ban '{ type ipv4_addr; }'

# Keep only well-formed IPv4 addresses: the list arrives over the network and is
# spliced into an nft command, so anything else is discarded here.
IPS="$(grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}' "$TMP" | paste -sd, - || true)"

# Flush and refill the set in one transaction: addresses Krawl has unbanned are
# removed, and there is never a moment with an empty set.
{
  echo "flush set inet filter krawl_ban"
  if [[ -n "$IPS" ]]; then echo "add element inet filter krawl_ban { $IPS }"; fi
} | nft -f -

# Add the drop rule only once; "add rule" is not idempotent and would stack a duplicate every run.
nft list chain inet filter input | grep '@krawl_ban' >/dev/null ||
  nft add rule inet filter input ip saddr @krawl_ban counter drop
```

Make it executable:

```bash
sudo chmod +x ./krawl-nftables.sh
```

### 2. Test the Script

```bash
sudo ./krawl-nftables.sh
```

Then confirm the set was populated:

```bash
sudo nft list set inet filter krawl_ban
```

### 3. Schedule with Cron

Edit root's crontab:

```bash
sudo crontab -e
```

Add this line to sync IPs every hour:

```
0 * * * * /path/to/krawl-nftables.sh
```
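The sync script above splices the downloaded list into an nft command, so the two things worth getting right are validating every line and applying the set change atomically. The following is an added example, not code from the Krawl plugin, showing both as testable shell functions: `is_ipv4` and `build_krawl_batch` are hypothetical names, the sample banlist is constructed, and the table, chain and set names are the ones this guide uses.

```sh
#!/bin/sh
# Added example, not part of the Krawl plugin: turn a raw banlist into one
# nftables batch that "nft -f" applies as a single atomic transaction.
# Only the set is rebuilt here; the drop rule is a one-time step in the
# sync script, because "add rule" cannot be made idempotent inside a batch.

# Exit 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read banlist lines on stdin, write an nft batch on stdout.
# Blank lines and "#" comments are skipped. Any other line that is not an
# IPv4 address (an HTML error page, stray text) is reported on stderr and
# left out, so nothing but addresses ever reaches nft's parser.
build_krawl_batch() {
    valid=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$line" in ''|'#'*) continue ;; esac
        if is_ipv4 "$line"; then
            valid="$valid$line
"
        else
            printf 'rejected banlist line: %s\n' "$line" >&2
        fi
    done
    printf 'add table inet filter\n'
    printf 'add set inet filter krawl_ban { type ipv4_addr; }\n'
    printf 'flush set inet filter krawl_ban\n'
    if [ -n "$valid" ]; then
        # dedupe and join as "a, b, c" for the element list
        elems=$(printf '%s' "$valid" | sort -u | awk 'NR > 1 { printf ", " } { printf "%s", $0 }')
        printf 'add element inet filter krawl_ban { %s }\n' "$elems"
    fi
}

# Constructed sample of what the API might return, including a duplicate,
# an out-of-range address and an HTML line from a failed request.
SAMPLE_BANLIST='203.0.113.5
198.51.100.7

# hand-added entry
203.0.113.5
999.1.1.1
<html><body>502 Bad Gateway</body></html>
192.0.2.10'

# Stand-alone run. On a real host pipe the result to "nft -c -f -" to
# syntax-check it without applying, or to "nft -f -" to apply it.
printf '%s\n' "$SAMPLE_BANLIST" | build_krawl_batch
```

Because `flush set` and `add element` travel in the same batch, the kernel either applies both or neither, so a failed download or a malformed line never leaves the firewall with an empty set. `nft -c -f -` is the dry run to use before wiring this into cron.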

## Monitoring

### Check the Blocking Set

View blocked IPs:

```bash
sudo nft list set inet filter krawl_ban
```

Count blocked IPs (the element list may wrap over several lines, so count addresses rather than words on the `elements` line):

```bash
sudo nft list set inet filter krawl_ban | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | wc -l
```

### Check Active Rules

View all rules in the filter table:

```bash
sudo nft list table inet filter
```

Find Krawl-specific rules:

```bash
sudo nft list chain inet filter input | grep krawl_ban
```

### Monitor in Real-Time

Watch packets being dropped. The `counter` on the drop rule reports packets and bytes; refreshing the chain listing every second shows them climb:

```bash
sudo watch -n 1 nft list chain inet filter input
```
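For a monitoring script it helps to parse the `nft list` output into exact numbers. The following is an added example, not code from the Krawl plugin: `count_set_elements` and `krawl_drop_counter` are hypothetical helpers, and the two listings are constructed in the shape nft prints, using documentation addresses.

```sh
#!/bin/sh
# Added example, not part of the Krawl plugin: parse "nft list" output so a
# monitoring script gets exact figures. Counting words on the "elements" line
# overcounts (it includes "elements", "=" and the braces) and misses
# addresses that nft wraps onto following lines.

# Count the IPv4 addresses in a set listing, however nft wraps them.
# stdin: output of "nft list set inet filter krawl_ban"
count_set_elements() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | wc -l | tr -d ' '
}

# Print "<packets> <bytes>" from the counter on the rule that references the
# krawl_ban set; prints nothing if the rule is absent.
# stdin: output of "nft list chain inet filter input"
krawl_drop_counter() {
    awk '/@krawl_ban/ {
        for (i = 1; i <= NF; i++)
            if ($i == "packets") { print $(i + 1), $(i + 3); exit }
    }'
}

# Constructed listings in the shape nft prints them.
SAMPLE_SET_LISTING='table inet filter {
    set krawl_ban {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11, 198.51.100.7,
                     203.0.113.5 }
    }
}'
SAMPLE_CHAIN_LISTING='table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
        ip saddr @krawl_ban counter packets 42 bytes 2520 drop
    }
}'

# Stand-alone run on the samples; on a live host replace the printf with
# "nft list set inet filter krawl_ban" and "nft list chain inet filter input".
printf 'blocked addresses: %s\n' "$(printf '%s\n' "$SAMPLE_SET_LISTING" | count_set_elements)"
printf 'dropped (packets bytes): %s\n' "$(printf '%s\n' "$SAMPLE_CHAIN_LISTING" | krawl_drop_counter)"
```

If the host has `jq`, `nft -j list set inet filter krawl_ban` gives the same data as JSON and avoids text parsing altogether; the text-based version above works anywhere `nft`, `grep` and `awk` are present.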

## Management Commands

### Manually Block an IP

```bash
sudo nft add element inet filter krawl_ban { 192.168.1.100 }
```

### Manually Unblock an IP

```bash
sudo nft delete element inet filter krawl_ban { 192.168.1.100 }
```

### List All Blocked IPs

```bash
sudo nft list set inet filter krawl_ban
```

### Clear All Blocked IPs

```bash
sudo nft flush set inet filter krawl_ban
```

### Delete the Rule

Rules are deleted by handle. List the chain with `-a` to see each rule's handle, then delete the one that references `@krawl_ban`:

```bash
sudo nft -a list chain inet filter input
sudo nft delete rule inet filter input handle <handle>
```

## References