Kernel-Level Blocking
nftables rules block attackers at the Linux kernel before packets reach your applications. Zero overhead, maximum speed.
Network Security Redefined
誠 — Guard with Integrity
Your firewall isn't enough. Even sealed ports, Cloudflare and a proxy won't stop 4,000 attacks hitting your server every 24 hours. Chéng watches behavior — and stops what everything else misses.
The Reality
Modern attackers don't care about your firewall rules. They probe every port, rotate IPs, hammer SSH with botnets and fingerprint your stack looking for anything you missed. Standard defenses were built for a different era.
Chéng was built for this era.
While your firewall checks rules, Chéng watches behavior. The moment an attacker reveals their pattern, they're blocked. Under 1ms. Persisted. You get a Telegram card. They don't get a second chance.
Capabilities
Chéng runs three dedicated threads — packet capture, pattern detection and auto-blocking — so your server never slows down while staying protected.
nftables rules block attackers at the Linux kernel before packets reach your applications. Zero overhead, maximum speed.
Detects and blocks port scan, brute force, ddos, c2 beacon, wan probe, 404 bot, dns amp, multicast flood and wp bot — automatically.
Watch attacks light up on a world map as they happen. GeoIP data shows exactly where every attacker is coming from.
Instant attack notifications with IP, country, attack pattern, port, GPS coordinates and a Google Maps link — right to your phone.
Pre-loaded ipsum blocklist stops known bad actors before they even knock. Updated automatically.
Built-in site monitor watches all your services. Detects failures and auto-restarts individual services without cascading restarts.
Architecture
Packet Capture
libpcap monitors your network interface in real time, capturing every inbound packet before it reaches userspace.
Pattern Detection
9 attack signatures detected and neutralized at the kernel level — before threats ever reach your applications.
Instant Block
Confirmed attackers are immediately added to nftables. The block persists across reboots and is logged with full GeoIP data.
You Get Notified
A Telegram card arrives with the attacker's full profile — country, coordinates, attack pattern, targeted port and Maps link.
In Action
Watch the pattern engine detect and block a real DDoS attack as it unfolds — live threat map, Telegram notifications and all.
Demo video coming soon
vs The Competition
Fail2ban reads logs. CrowdSec checks a community list. Chéng watches packets at the kernel level — before anything touches your stack.
| FEATURE | 誠 CHÉNG | Fail2ban | CrowdSec | CSF Firewall |
|---|---|---|---|---|
| Detection method | Packet-level behavior | Log file scanning | Log + community list | Log + iptables rules |
| Block speed | < 1ms kernel-level | Seconds (log delay) | Seconds (log delay) | Seconds (log delay) |
| DDoS detection | ✦ Real-time | ✕ Limited | ~ Via scenarios | ~ Flood protection |
| C2 beacon detection | ✦ Yes | ✕ No | ✕ No | ✕ No |
| Live threat map | ✦ Yes | ✕ No | ~ Dashboard only | ✕ No |
| Telegram alerts | ✦ Yes — per attack | ✕ No | ✕ No | ✕ No |
| GeoIP + coordinates | ✦ Full GPS data | ✕ No | ~ Country only | ~ Country block |
| Self-healing services | ✦ Yes | ✕ No | ✕ No | ✕ No |
| Pre-loaded blocklist | ✦ 2,700+ IPs | ✕ No | ✦ Community list | ✕ No |
| Starting price | $15/mo | Free | Free / $29+/mo dashboard | Free |
Fail2ban and CrowdSec are free open-source tools. Chéng is purpose-built for operators who need real-time visibility and don't want to piece together their own stack.
Plans
Every plan includes real-time blocking, Telegram alerts and the live threat map. No hidden fees.
Guardian
$15
per month
Sentinel
$35
per month
Fortress
$99
per month
Questions
Early Access
Chéng is in active development. Join the waitlist for early access, launch pricing and updates.
Joining waitlist...