Glossary
Definitions of terms used throughout the Bloqd documentation.
A
Action
A fail2ban action defines what happens when an IP is banned or unbanned. Actions can block IPs via firewall, send notifications, or report to external services.
Agent
The Bloqd agent is a Python application installed on managed servers. It communicates with the Bloqd dashboard, reports bans, syncs whitelists, and executes remote commands.
API Key
A secret token used to authenticate API requests. Bloqd API keys start with f2b_ and are hashed after creation (only shown once).
AbuseIPDB
A public database of malicious IP addresses. Bloqd can check banned IPs against AbuseIPDB and report new abuse.
B
Ban
When fail2ban blocks an IP address from accessing a service. Bans have a duration (ban time) and are recorded in the Bloqd dashboard.
Ban Time
The duration an IP remains banned. Can be set per jail. Common values: 600 (10 minutes), 3600 (1 hour), 86400 (1 day).
Bloqd
The centralized fail2ban management platform. Name derived from "blocked."
C
CEF (Common Event Format)
A log format standard used by many SIEM systems. Bloqd can export events in CEF format.
CIDR
Classless Inter-Domain Routing notation for IP ranges. Example: 192.168.1.0/24 represents 256 addresses.
Command Queue
A queue of pending commands to be executed on managed servers. Commands are processed by agents in order.
D
Dashboard
The Bloqd web interface for monitoring and managing fail2ban across servers.
F
fail2ban
An intrusion prevention software that scans log files and bans IPs showing malicious behavior. Bloqd manages fail2ban remotely.
Filter
A fail2ban filter defines patterns (regex) to match in log files. When patterns match, the findtime and maxretry thresholds determine if a ban occurs.
Find Time
The time window in which failures are counted. If an IP exceeds maxretry within findtime, it gets banned.
G
GeoIP
Geographic IP lookup. Bloqd uses MaxMind's GeoLite2 database to determine the country of banned IP addresses.
H
Heartbeat
A periodic signal sent by agents to the dashboard indicating the server is online. Default interval: 60 seconds.
I
Ignore IP
IPs or CIDR ranges that fail2ban should never ban. Managed centrally through Bloqd's whitelist feature.
J
Jail
A fail2ban jail is a combination of a filter and actions for a specific service. Example: the sshd jail monitors SSH login attempts.
JWT (JSON Web Token)
A token format used for authentication. Bloqd uses JWTs for web session authentication.
L
LEEF (Log Event Extended Format)
A log format used by IBM QRadar and other SIEM systems. Bloqd can export events in LEEF format.
License Tier
Bloqd's pricing levels: Free (1 server), Personal (3 servers), Pro (25 servers), Enterprise (unlimited).
M
Max Retry
The number of failures allowed within findtime before an IP is banned. Example: maxretry=5 means 5 failures trigger a ban.
MFA (Multi-Factor Authentication)
Additional security requiring a second factor (TOTP code) for login.
Module
An agent component providing specific functionality: reporter, sync, metrics, commands, health.
O
OAuth
Open Authorization protocol for delegated authentication. Bloqd supports GitHub and Google OAuth.
Operator
A Bloqd user role with permissions to manage bans and servers but not system settings.
P
Port Knocking
A security technique where a hidden service is revealed only after a specific sequence of connection attempts to closed ports.
Pro Feature
Functionality only available in Bloqd Pro or Enterprise tiers: SIEM, web terminal, port knocking.
R
RBAC (Role-Based Access Control)
Permission system where users are assigned roles (Admin, Operator, Viewer) that determine their access level.
Recidive
A special fail2ban jail that bans repeat offenders for longer periods. Monitors fail2ban's own log for banned IPs.
Reporter Module
Agent module that sends ban notifications to the Bloqd dashboard in real-time.
S
SIEM (Security Information and Event Management)
Systems that aggregate and analyze security events. Bloqd Pro can forward events to SIEM platforms.
Sync Module
Agent module that synchronizes the centralized whitelist to local fail2ban configuration.
Syslog
A standard protocol for message logging. Bloqd can send events to syslog servers (RFC 5424 format).
T
Template
A predefined jail configuration that can be deployed to servers. Bloqd includes 24 built-in templates.
TOTP (Time-based One-Time Password)
The algorithm used for MFA codes. Compatible with Google Authenticator and similar apps.
U
Unban
Removing a ban before it expires. Can be done manually from the dashboard or automatically.
V
Viewer
A Bloqd user role with read-only access to the dashboard.
W
WAL (Write-Ahead Logging)
SQLite journaling mode used by Bloqd for better concurrent access and crash recovery.
WebSocket
A protocol providing full-duplex communication. Bloqd uses WebSockets for real-time ban notifications.
Whitelist
IPs or CIDR ranges that should never be banned. Managed centrally in Bloqd and synced to all servers.
Abbreviations
| Abbr | Full Form |
|---|---|
| API | Application Programming Interface |
| CEF | Common Event Format |
| CIDR | Classless Inter-Domain Routing |
| CPU | Central Processing Unit |
| DNS | Domain Name System |
| FQDN | Fully Qualified Domain Name |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | HTTP Secure |
| IP | Internet Protocol |
| JSON | JavaScript Object Notation |
| JWT | JSON Web Token |
| LEEF | Log Event Extended Format |
| MFA | Multi-Factor Authentication |
| RBAC | Role-Based Access Control |
| REST | Representational State Transfer |
| RFC | Request for Comments |
| SIEM | Security Information and Event Management |
| SMTP | Simple Mail Transfer Protocol |
| SQL | Structured Query Language |
| SSH | Secure Shell |
| SSL | Secure Sockets Layer |
| TLS | Transport Layer Security |
| TOTP | Time-based One-Time Password |
| URL | Uniform Resource Locator |
| UUID | Universally Unique Identifier |
| WAL | Write-Ahead Logging |
| YAML | YAML Ain't Markup Language |