Building a Custom IP Filtering System for Public Servers with Automated Whitelisting

Recently I encountered a situation where my public server was constantly subjected to port scanning and malicious login attempts. Traditional measures such as internal network isolation, stronger password policies, certificate‑based login, and firewall rules (iptables, ufw, firewall‑cmd) proved either unsuitable or too cumbersome for a simple internet‑facing host.

Because the server lacks a complex network topology, internal isolation is impossible, and constantly changing IP addresses make manual password updates and firewall rule adjustments impractical. Moreover, bastion‑host solutions feel heavyweight and are not freely available.

To address these challenges, I decided to develop a lightweight IP‑filtering system that can automatically add an IP to a whitelist after a successful request, eliminating the need for manual rule changes.

The resulting project, completed within a few hours, includes the following features:

Multi‑process support

Concurrency handling

Daemon process

Web‑based management panel for IP whitelist control

Traffic statistics

Interception logs

The implementation can be achieved in four straightforward steps:

Simple IP filtering.

Integration with the ThinkPHP command‑line interface.

Development of the web management panel.

Advanced optimizations for better performance and detailed traffic statistics.

For detailed instructions on each step, refer to the original article linked at the end of the source.