Open Source · GPL v2 · Since 2002
Linux security tools forged from real-world threats
Lightweight, shell-native tools for malware detection, firewall management, and intrusion prevention. Built from threat data collected at the network edge and trusted by thousands of production Linux environments.
355.3k
36.02M
2,068
Deployed across government, defense, education & enterprise networks
git clone https://github.com/rfxn/linux-malware-detect.git && cd linux-malware-detect && ./install.sh
Recent GitHub Activity
Pushed to advanced-policy-firewall: pushed commits
Created branch 2.0.2 in advanced-policy-firewall
Activity in advanced-policy-firewall
Released v2.0.1 of advanced-policy-firewall
Merged PR in advanced-policy-firewall
Closed PR in liquidweb/gpubench
Featured Projects
Linux Malware Detect
A malware scanner for Linux designed around the threats faced in shared hosted environments. Uses threat data from network edge IPS, community resources, and ClamAV to detect actively exploited malware.
Advanced Policy Firewall
An iptables (netfilter) based firewall system for Linux servers. Provides three-fold filtering with static rules, stateful connection tracking, and sanity-based packet inspection.
Brute Force Detection
A modular shell script for parsing application logs and detecting authentication failures. Uses regex rules and integrates with APF, Shorewall, or raw iptables for blocking.
Quick Start
Get up and running in minutes. All tools install from source with a single command.
$ git clone https://github.com/rfxn/linux-malware-detect.git && cd linux-malware-detect && ./install.sh
$ git clone https://github.com/rfxn/advanced-policy-firewall.git && cd advanced-policy-firewall && ./install.sh
$ git clone https://github.com/rfxn/brute-force-detection.git && cd brute-force-detection && ./install.sh
Built for Real-World Linux Security
Threat-Driven Design
Built from real malware data collected at the network edge. Every detection signature comes from active threats seen in production hosting environments, not theoretical research.
Shell-Native & Lightweight
Pure bash with minimal dependencies. No agents, no daemons eating resources, no runtime interpreters. Runs on any Linux system from embedded devices to enterprise servers.
Community-Sustained
20+ years of open source development under GPL v2. No venture funding, no enterprise upsells. Sustained by the community of sysadmins who rely on these tools daily.
Protection Stack
Three tools, one defense-in-depth strategy. Layer them together for comprehensive Linux security.
Malware Detection
LMD
Scan & quarantine threats from real hosting threat data
Firewall Policy
APF
Stateful iptables filtering with reactive address blocking
Intrusion Prevention
BFD
Block brute-force auth attacks with modular log parsing
Support Open Source Security
R-fx Networks projects are entirely community-funded. If these tools help protect your infrastructure, consider contributing.