SikkerGuard – Kernel-level malicious IP blocker in a Docker container

Summary: SikkerGuard is a Docker container that blocks known malicious IPs at the kernel level using iptables and ipset by pulling SikkerAPI’s threat blacklist. It runs alongside services with minimal configuration, auto-whitelists trusted networks, logs blocked connections in real time, and supports automatic rollback on connectivity issues.

What it does

SikkerGuard fetches the SikkerAPI threat blacklist and blocks malicious IPs at the kernel level within a Docker container. It requires only an API key, auto-whitelists gateway and LAN addresses, and reports blocked IPs to a dashboard.

Who it's for

It is designed for homelabs, bare metal servers, VPS users, and small operators seeking network-level protection without complex firewall setups.

Why it matters

It prevents malicious traffic from reaching services by blocking threats early, reducing exposure to attacks with minimal configuration.