nginx-module-nftset-access (x86_64) - Zero-latency IP blocking using Linux kernel nftables sets

Website: https://nginx-extras.getpagespeed.com/modules/nftset-access/
License: BSD
Vendor: GetPageSpeed LLC
Description:
High-performance NGINX module for IP-based access control using Linux kernel nftables sets.

Key Features:

- Blacklist/Whitelist modes: Block or allow IPs based on nftables set membership
- Multiple sets: Check against multiple nft sets in one directive
- Live updates: Modify nft sets without reloading NGINX
- Honeypot auto-add: Automatically add malicious IPs to nftables sets with configurable timeouts
- Built-in rate limiting: Per-IP rate limiting with auto-ban to nftables sets
- JavaScript challenges: Proof-of-work challenges to filter bots
- Dual-stack support: Works with both IPv4 and IPv6 nftables sets
- Custom status codes: Return any HTTP status when blocking
- CIDR support: Use interval sets for network ranges
- Prometheus metrics: Native /metrics endpoint for monitoring
- JSON stats API: Detailed statistics endpoint
- LRU cache: Shared memory cache for high-performance lookups

Successor to ipset-access module, using modern nftables instead of legacy ipset.
Compatible with realip module for proper client IP detection behind proxies.

Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage
includes a systemd override and helper library to enable this automatically.


To enable this module after installation, add the following to /etc/nginx/nginx.conf
and reload NGINX:

    load_module modules/ngx_http_nftset_access.so;


Alternatively, you can enable all installed modules by placing this line at the top of /etc/nginx/nginx.conf:

    include /usr/share/nginx/modules/*.conf;

How to Install nginx-module-nftset-access (x86_64)

    sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
    sudo dnf -y install dnf-plugins-core
    sudo dnf config-manager --enable getpagespeed-extras-mainline
    sudo dnf -y install nginx-module-nftset-access

Packages

nginx-module-nftset-access-1.29.5+3.0.0-1.fc42.gps.x86_64 [40 KiB] (no changelog entry)
