FoxyFy Firewall (FFF)
Ultra-Lightweight Firewall
FoxyFy Guard (FFG) — Firewall control without the bloat.
FoxyFy Guard unifies nftables control into a minimal, self-verifying firewall layer that ensures correct configuration, detects conflicts, and maintains predictable security behavior — without the overhead of traditional firewall frameworks.
Designed for efficiency, FoxyFy Guard maintains an exceptionally small footprint and generates compact, highly focused rule sets. This streamlined structure reduces firewall workload, improves rule evaluation speed, and avoids the performance penalties of bloated, overly complex firewall configurations.
FoxyFy Ban (FFB) — Smart, automatic blocking
FoxyFy Ban adds an adaptive protection layer on top of FoxyFy Guard, watching system and application logs for abusive patterns and converting them into precise, time-bound firewall bans. Instead of brittle regex jungles or opaque daemons, FFB feeds clean, deterministic decisions straight into nftables — so every block is traceable, reversible, and fully under your control.
Built with the same lean philosophy as Guard, FoxyFy Ban avoids heavy sprawling rule sets. It tracks only what matters, groups repeated offenders efficiently, and expires bans automatically to keep your firewall fast and tidy. The result: fewer open attack surfaces, less noise, and a compact, self-cleaning ban system that protects aggressively without turning into another source of complexity.
Why FoxyFy?
Because it delivers everything a modern server needs — ultra-fast, reloadable, and ready out of the box.
Streamlined rule set = faster operation
Explicit ICMP handling
Single self-contained binary
Detailed logging and error reports
Lightweight design with minimal RAM usage
Secure by default: Default-deny
Exclusive features — only on FoxyFy
Cutting-edge capabilities you won’t find in any other firewall.
Hot reload of config — zero downtime
JSON config diagnostics
Single JSON config — no YAML
nftables effective rules check
Predefined profiles
Firewall health check
Health check
cmdDoctor makes sure your system is actually ready for FoxyFy Guard/Ban before you rely on it:
- Verifies that FFG/FFB has the permissions it needs to manage nftables.
- Confirms that the config can be loaded cleanly (no broken or unreadable config).
- Checks that the nft binary is installed and available in PATH.
Live Ruleset Consistency & Conflict Detection
cmdCheck validates that the running firewall state matches what FoxyFy Guard/Ban expects:
- Ensures the inet ffg/ffb table exists when FFG/FFB is enabled – and is gone when FFG/FFB is disabled.
- Confirms that the input chain is present in the ruleset.
- Scans all hook input entries, clearly marking FFG/FFB’s own hook and listing any others.
- Detects common helpers like fail2ban, and warns if other firewalls or helpers might be hooking into input as well.
Compare FoxyFy
UFW installs well over a hundred individual files for its Python-based orchestration layer, while nftables adds a separate service and configuration mechanism to manage rulesets at system level. FoxyFy Guard replaces both approaches with a unified native firewall controller, delivering comparable functionality through a minimal, self-contained design and a simplified command set focused on predictable operation.
Fail2ban installs a full Python stack, hundreds of config snippets, and a permanent daemon to police multiple services, layering complex filters and actions on top of your firewall. FoxyFy Ban is a focused, SSH-only banning layer that reads authentication logs directly and hands precise, time-bound blocks to nftables via FoxyFy Guard — delivering comparable SSH hardening with a fraction of the files, memory usage, and operational complexity.
UFW | nftables.service | fail2ban | FoxyFy Guard | FoxyF Ban | |
|---|---|---|---|
Package size | ~1.5–2.5 MB | ~180–190 KB | ~ 5–10 MB | 2.5 MB | 2.6 MB |
Package files | ~150–220 | ~30 | ~ 300–500 | 3 | 2 |
RAM / boot time | 1.7 MB / 60 ms | 2.1 MB / 33 ms | ~ 25–80 MB | 3.6 MB / 36 ms | 3,5 MB |
Execution model | Python-based | systemd unit | Python-based | Native compiled binary |
Package size & files — On-disk install (binary + configs + modules + core OS libs).
FoxyFy Guard (FFG) stands out by redefining what a modern firewall controller should be. Instead of heavyweight service layers, sprawling rule frameworks, and verbose command structures, FFG consolidates firewall control into a single, native solution with just a few files and a sharply reduced command set. The result: comparable protection, dramatically less overhead, and unmatched operational clarity.
FoxyFy Ban (FFB) focuses on the single most dangerous public entry point: SSH. Instead of trying to “ban everything everywhere” with complex regex jungles, FFB is intentionally designed as an SSH-only shield. It continuously inspects authentication activity, detects brute-force and spray attacks, and feeds precise, time-bound bans directly into FoxyFy Guard’s nftables layer.
By narrowing its scope to SSH, FoxyFy Ban stays lean, predictable, and easy to reason about. There are no sprawling rule sets, no noisy side effects on unrelated services, and no mystery blocks to debug. You get exactly what you expect: aggressive, automated blocking of hostile SSH traffic, minimal overhead, and a cleaner, safer perimeter for the one port you can’t afford to get wrong.
Ready to FoxyFy?
FoxyFy Firewall (FFF) is included as a core security component of the FoxyFy platform. It provides baseline firewall protection for every node at no additional cost, establishing a secure foundation for all paid FoxyFy services such as FoxyFy Server, Mail and CDN.
FFF LICENSE (30)