Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
DisWall is a real-time distributed firewall extension for Linux servers, designed primarily to block port scans, bot probes, and some brute-force traffic. It claims to hide servers from scanner indexes such as Shodan, ZoomEye, and Censys, while reducing large amounts of “parasitic” access traffic. Rather than replacing a firewall, it maintains allowlists and blocklists on top of nftables or iptables/ipset.
In terms of protection, DisWall focuses on inactive port scanning, SSH brute-force attacks, and Postfix SASL authentication errors. Deployment requires a Linux server with nftables, or iptables plus ipset, and it relies on journald for log reading and systemd for service management. In distributed mode, the client connects to its NATS server and receives banned IPs from a honeypot network in real time. If you do not register, you can still test it with default credentials, but you will not receive the latest attacker IPs. It also supports a local mode, so even when the central service is unavailable, it can still block sources scanning the local machine.
Management is mainly handled via the command line, with support for installation, updates, uninstallation, rule editing, a text-based interface, debugging, and whitelist/blacklist additions or removals. Troubleshooting relies on traditional operations tools and commands such as syslog, ipset save, and iptables flush. Integration coverage includes nftables, iptables, ipset, journald, systemd, NATS, SSH, and Postfix scenarios. Its privacy statement is relatively clear: it is open source, does not use cookies, allows statistics reporting to be disabled, and states that it only collects bad IPs and traffic counts. Registration involves basic information such as email address and access IP.
Pricing is split between Free Forever and Enterprise. The free plan requires users to share malicious IPs in order to receive the anti-scanning subscription. The Enterprise plan requires contacting the team, with no disclosed pricing, SLA, or clear boundaries for advanced features. Its strengths are that it is open source, lightweight, tightly integrated with the system firewall, and able to quickly synchronize malicious IPs via a distributed honeypot. Its downsides are the relatively high configuration barrier and the risk that misconfiguration could affect legitimate access or SSH. It is also not a full WAF, EDR, or cloud security platform, and information on compliance certifications and enterprise support is limited.
DisWall is better suited to individual webmasters, operations teams, and server administrators familiar with Linux firewalls who want to reduce scanning noise—especially for hosts exposing SSH, SMTP, or web services. The provided text does not describe access conditions from China, so the stability of the domain, registration email, GitHub downloads, and NATS connections on domestic Chinese networks cannot be assessed. Payment methods are also not specified. If you need a more controllable alternative within China, you may consider Fail2ban, CrowdSec, cloud provider security groups/host security products, or self-built policies based on nftables/iptables.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on diswall.stream official site.
diswall.stream is an Unknown Security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach diswall.stream directly.