Meds — “net healing” NFQUEUE firewall written in Go


Nikita Loskutov

Oct 11, 2025, 5:52:28 AM
to golang-nuts

Hello there!
I made a firewall for Linux PC/VPS using Golang and NFQUEUE.

Meds: net healing
https://github.com/cnaize/meds

Maybe someone will find it useful or interesting.
Anyway, feedback is welcome.

Jason E. Aten

Oct 11, 2025, 12:16:58 PM
to golang-nuts
meds is pretty interesting looking. 

I like especially the per IP rate limiting feature. Is it possible to
white list some "known good" IPs (that are probably a
part of the local system) to opt out of the rate limiting? I'm
concerned about impacting my own systems, for instance.

Would it be possible to rate limit or block based on 
geo-location and not just single IP? 

Nikita Loskutov

Oct 11, 2025, 2:01:39 PM
to golang-nuts
Thank you for your feedback!

1. Yes, you can use the integrated API to add IPs/subnets to the whitelist. In that case no rate limits will be applied.
    Here is an example of how to add 200.168.0.0/16 to the whitelist (more in README.md or api.go files):
    curl -u admin:mypass -X POST http://localhost:8000/v1/whitelist/subnets -d '{"subnets": ["200.168.0.0/16"]}'

2. Geo-location blocks are not implemented yet, but it's not a big deal to do so if the project becomes popular.

Nikita Loskutov

Oct 26, 2025, 6:17:42 AM
to golang-nuts
I added Swagger UI, so you can now use it instead of curl.
Check the project documentation for more details.

Thanks,
Nikita Loskutov



Nikita Loskutov

4:26 AM (18 hours ago)
to golang-nuts
Good news, everyone!

Meds (high-performance firewall powered by NFQUEUE and Go) v0.8.0 is out now!

What's new:
- Geo-blocking (ASN-based): Efficient country blocking using lightweight ASN metadata (IPLocate.io data). The configuration is dynamic via the built-in API/Swagger UI.
- ASN/TLS filtering: Integration with Spamhaus DROP, Abuse.ch SSLBL (JA3 fingerprints).
- Improved Rate Limiter: Optimized token bucket algorithm for better flood protection.
- Optimized core: decoupled reader/worker/logger model

GitHub link: https://github.com/cnaize/meds

Any feedback is welcome!

Thanks,
Nikita Loskutov
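
An added example, not code from Meds or from anyone in this thread: a minimal per-IP token bucket in which whitelisted subnets bypass the limiter, the behaviour described in the whitelist reply and the v0.8.0 notes above. The `Limiter` type, its fields, the 1 packet/s and burst 2 settings and the 198.51.100.7 source are assumptions constructed for illustration; 200.168.0.0/16 is the subnet from the curl example.

```go
package main

import (
	"fmt"
	"math"
	"net/netip"
	"time"
)

type bucket struct {
	tokens float64   // tokens currently available to this source address
	last   time.Time // time of the previous refill
}

// Limiter is a hypothetical per-IP limiter, not Meds code; it is not goroutine-safe.
type Limiter struct {
	rate, burst float64 // refill in tokens per second, bucket capacity
	whitelist   []netip.Prefix
	buckets     map[netip.Addr]bucket
}

// Allow reports whether a packet from ip seen at time now may pass.
func (l *Limiter) Allow(ip netip.Addr, now time.Time) bool {
	ip = ip.Unmap() // ::ffff:a.b.c.d must match IPv4 whitelist prefixes
	for _, p := range l.whitelist {
		if p.Contains(ip) {
			return true // whitelisted: no bucket is created or charged
		}
	}
	b, seen := l.buckets[ip]
	if !seen {
		b = bucket{tokens: l.burst, last: now} // a new source starts with a full bucket
	}
	b.tokens, b.last = math.Min(l.burst, b.tokens+now.Sub(b.last).Seconds()*l.rate), now
	allowed := b.tokens >= 1
	if allowed {
		b.tokens--
	}
	l.buckets[ip] = b
	return allowed
}

func main() {
	l := &Limiter{rate: 1, burst: 2, buckets: map[netip.Addr]bucket{}, // constructed settings
		whitelist: []netip.Prefix{netip.MustParsePrefix("200.168.0.0/16")}}
	for _, s := range []string{"200.168.1.1", "198.51.100.7", "198.51.100.7", "198.51.100.7"} {
		fmt.Println(s, l.Allow(netip.MustParseAddr(s), time.Unix(0, 0)))
	}
}
```

The whitelist check runs before any bucket lookup, so trusted sources cost no state, and the map grows only with non-whitelisted addresses; a long-running limiter would also need to evict idle buckets.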
