Firewall (MEF) for free – Linux Firewall (CSF) & Auto-Ban (Fail2ban)

Firewall (MEF) - Lightweight Linux Security

Firewall (MEF) (free) – Lightweight Linux Firewall + Auto-Ban Engine

Malware.Expert Firewall (MEF) is a lightweight Linux firewall and automatic IP ban engine — a simple, modern alternative to UFW, CSF, and Fail2Ban. It combines persistent firewall management with dynamic log-based auto-banning and integrates natively with systemd and FreeBSD services

Core Features & Benefits

  • Designed for modern Linux: Developed and tested on Debian/Ubuntu, compatible with most distributions that provide nftables or iptables.
  • Dynamic Auto-Ban (mefdaemon): Monitors systemd-journald (journalctl) and/or log files to block abusive IPs automatically.
  • Nftables-native: Built for modern Linux kernels with nftables support, with fallback to iptables where needed.
  • Modular design: Run the firewall service and the auto-ban daemon independently or together.
  • Ultra-lightweight: No Python/Perl dependencies. Minimal CPU and memory footprint.
  • IPv4 + IPv6: Dual-stack ready for modern deployments.
  • RBL Support: Query DNS-based Real-time Blackhole Lists (RBLs) to proactively block known malicious IP addresses before connection establishment.
  • Community Cloud Protection: Optional cloud threat lookups (community_cloud_protection) to block known malicious IPs via cloud-driven intelligence.
  • Port Scan Detection (PS): Detect and block scanning behavior by monitoring unique destination ports over time.
  • Flexible Whitelisting & Blacklisting: Support for static and dynamic IP allow/deny lists with automatic reload.

Quick Start

Download, install, configure, then enable protection: 

# 1) Download latest release
wget https://github.com/jwillberg/mef/archive/refs/heads/main.zip

# 2) Extract and install
unzip main.zip
cd mef-main
chmod +x install.sh
sudo ./install.sh

# 3) Configure (required)
sudo nano /etc/mef/mef.conf
sudo nano /etc/mef/mef.rules

# 4) Optional modules
ls -la /etc/mef/rules.d/

# 5) Validate + apply
mefctl rules validate
mefctl rules apply

# 6) Enable services
mefctl enable

Tip: keep console/rollback access before applying firewall changes remotely.

Compatibility & Requirements

Requires nftables (preferred) or iptables, kernel Netfilter support, and log access via systemd-journald (journalctl) and/or standard log files.
Systemd-based distributions are recommended.

License: Firewall (MEF) is distributed free of charge as proprietary software. Source code is not publicly available. Malware.Expert reserves the right to update, modify, or discontinue the software.