CLI Commands
Complete reference for the vistoshield command-line tool used to manage the daemon, firewall rules, and IP blocks.
Daemon Control
| Command | Description |
|---|---|
| vistoshield start | Start the daemon. Loads configuration, applies firewall rules, and begins monitoring. |
| vistoshield stop | Stop the daemon gracefully. Firewall rules remain in place. |
| vistoshield restart | Stop and restart the daemon. Reloads configuration and reapplies all rules. |
| vistoshield status | Show daemon status, uptime, number of blocked IPs, and feature states. |
IP Management
| Command | Description |
|---|---|
| vistoshield block <IP> [seconds] | Block an IP address. Optional duration in seconds (default: permanent). Supports IPv4, IPv6, and CIDR notation. |
| vistoshield unblock <IP> | Remove an IP from the active block list. |
| vistoshield list | List all currently blocked IPs with block reason, time remaining, and source. |
| vistoshield list --type <type> | Filter blocked IPs by type: lfd, bot, rate, manual, conntrack. |
| vistoshield allow <IP> | Add an IP to the permanent allow list (allow.list). |
| vistoshield deny <IP> | Add an IP to the permanent deny list (deny.list). |
Signature Management
| Command | Description |
|---|---|
| vistoshield update-signatures | Download and merge latest bot signatures from the VistoShield repository. |
| vistoshield update-signatures --quiet | Silent mode for cron jobs — only output on errors. |
| vistoshield update-geoip | Update the MaxMind GeoLite2 database for country blocking. |
List Management
| Command | Description |
|---|---|
| vistoshield reload-lists | Reload allow.list and deny.list without restarting the daemon. |
| vistoshield flush | Remove all temporary blocks. Permanent deny list entries are not affected. |
Warning: vistoshield flush removes all active blocks immediately. Use with caution on production servers as previously blocked attackers will regain access until re-detected.
Diagnostics
| Command | Description |
|---|---|
| vistoshield status --bots | Show bot detection statistics: matched signatures, blocked bots, rDNS checks. |
| vistoshield status --conntrack | Show connection tracking stats: top IPs by connection count. |
| vistoshield check <IP> | Check if an IP is currently blocked, allowed, or has recent activity. |
| vistoshield log [--lines N] | Show last N lines from the daemon log (default: 50). |
| vistoshield version | Display the installed VistoShield version. |
Usage Examples
Block an IP for 1 hour
vistoshield block 203.0.113.50 3600
Permanently block a CIDR range
vistoshield deny 198.51.100.0/24
Check why an IP was blocked
vistoshield check 203.0.113.50
Sample output:
IP: 203.0.113.50
Status: BLOCKED
Reason: LFD_SSHD (5 failures)
Blocked at: 2026-03-28 14:22:01
Expires at: 2026-03-28 15:22:01
Remaining: 47m 33s
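The following Python parser is an added example, not part of VistoShield or its documentation; it turns `vistoshield check` output into a typed record that a script or log pipeline can act on. It assumes the real output follows the "Key: value" layout of the sample above, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Constructed input: the sample `vistoshield check` output shown above.
SAMPLE = """\
IP: 203.0.113.50
Status: BLOCKED
Reason: LFD_SSHD (5 failures)
Blocked at: 2026-03-28 14:22:01
Expires at: 2026-03-28 15:22:01
Remaining: 47m 33s
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def parse_remaining(text):
    """Convert a duration such as '47m 33s' to seconds."""
    parts = re.findall(r"(\d+)([dhms])", text)
    if not parts:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)

def parse_check(output):
    """Parse 'Key: value' lines (assumed layout); ValueError on malformed lines."""
    raw = {}
    for line in filter(str.strip, output.splitlines()):
        key, sep, value = line.partition(":")  # first colon only, so IPv6 survives
        if not sep:
            raise ValueError(f"not a 'Key: value' line: {line!r}")
        raw[key.strip().lower()] = value.strip()
    # ip_network accepts single addresses and CIDR ranges, IPv4 or IPv6.
    rec = {"ip": ipaddress.ip_network(raw["ip"], strict=False),
           "status": raw.get("status")}
    reason = raw.get("reason")
    m = re.fullmatch(r"(\S+) \((\d+) failures?\)", reason or "")
    rec["reason"] = m.group(1) if m else reason
    rec["failures"] = int(m.group(2)) if m else None
    if "blocked at" in raw and "expires at" in raw:
        start = datetime.strptime(raw["blocked at"], TS_FORMAT)
        end = datetime.strptime(raw["expires at"], TS_FORMAT)
        rec["duration_s"] = int((end - start).total_seconds())
    if "remaining" in raw:
        rec["remaining_s"] = parse_remaining(raw["remaining"])
        # Sanity check: a block cannot have more time left than it was given.
        if rec["remaining_s"] > rec.get("duration_s", rec["remaining_s"]):
            raise ValueError("remaining time exceeds block duration")
    return rec
```

On the sample, the computed duration is 3600 seconds, which matches the one-hour block issued in the first usage example.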
View status summary
vistoshield status
Sample output:
VistoShield v1.0.0 — Running (PID 12345)
Uptime: 3 days, 7 hours
Backend: nftables
Blocked IPs: 142 (IPv4: 128, IPv6: 14)
Features: rate_limit=ON brute_force=ON bot_sigs=ON lfd=ON conn_track=ON
Testing mode: OFF
Auto-update signatures via cron
# Add to root's crontab
0 4 * * * /usr/local/bin/vistoshield update-signatures --quiet
0 3 * * 0 /usr/local/bin/vistoshield update-geoip --quiet
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General error |
| 2 | Invalid arguments |
| 3 | Permission denied (not running as root) |
| 4 | Daemon not running (for commands that require it) |