Terms of use.
The rules that govern your use of the fail2zig source code, the fail2zig name and mark, and this website. Plain language. If a section ever contradicts the AGPL-3.0-or-later licence text itself, the licence wins.
AGPL-3.0-or-later. The licence governs.
The fail2zig source code is licensed under the
GNU Affero General Public License, version 3 or later (AGPL-3.0-or-later). The canonical licence text lives in the repository at
LICENSE
and is incorporated here by reference.
The licence governs your right to use, study, modify, and redistribute the code. Nothing on this site grants rights the licence itself does not. Nothing on this site removes obligations the licence places on you.
Affero provision: if you run a modified version of fail2zig as a network service, you must offer the corresponding source of your modifications to the users of that service. This is not an afterthought; it is a deliberate choice for a security tool that handles attacker-controlled input. A fork the public cannot audit is one the public should not be relying on.
Trademark on the word and the logo.
The code is free. The identity is not. Forks are welcome; forks that ship as "fail2zig" are not.
The word fail2zig and the accompanying logo / brand mark are trademarks of ul0gic. Use of the mark in a way that suggests official endorsement, affiliation, or equivalence is not permitted without written permission.
Reference fail2zig by name factually (“compatible with fail2zig”, “migrated from fail2zig”, “a fork of fail2zig”). Link to this site. Distribute unmodified release binaries under their original name.
Ship a modified fork under the fail2zig name or the fail2zig logo.
Register confusingly similar names or domains. Imply ul0gic endorses your downstream distribution.
Use the name as a company, product, or service identifier without written permission.
Fork freely under the AGPL, but ship your fork under a different name and without the fail2zig logo. A different name does not imply the fork is lesser — it means the public can reason about which project they are running.
As-is. Use at your own risk.
fail2zig is provided AS IS, WITHOUT WARRANTY OF ANY KIND, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement. This mirrors the AGPL-3.0 disclaimer and applies here in full.
You run a root-privileged security daemon on your own infrastructure. The operational consequences of that decision — correctly or incorrectly banning an IP, interacting with your firewall, integrating with your log pipeline — are yours to verify. The project documents its behaviour in the docs and its security posture in the threat model, but documentation is not a warranty.
What happens on your servers is yours.
To the maximum extent permitted by applicable law, ul0gic and any contributors are not liable for any direct, indirect, incidental, special, consequential, or exemplary damages arising from the use or inability to use fail2zig. This includes damages for lost profits, lost data, business interruption, or missed bans, even if advised of the possibility.
Using fail2zig against third-party infrastructure you do not own or operate is your responsibility. fail2zig is a defensive tool for protecting hosts you control. It is not a weapon, and running it in offensive contexts is not a use the project endorses or supports.
If you find a vulnerability, tell us privately.
Security vulnerabilities in fail2zig are reported via GitHub's private security advisory
form:
github.com/ul0gic/fail2zig/security/advisories/new. Do not open a public issue for a security vulnerability. Full policy lives in the
repository
SECURITY.md.
Researchers reporting in good faith within the stated scope will not be pursued legally. We commit to a 48-hour acknowledgement and a best-effort initial assessment within 14 days.
Missouri, USA.
These terms are governed by the laws of the State of Missouri, United States, without regard to its conflict-of-law provisions.
Any dispute not settled informally is subject to the exclusive jurisdiction of the state and federal courts located in Missouri.
If any provision of these terms is held unenforceable, the remainder stays in effect.
Material changes are flagged in the site changelog. The current version and effective date appear at the top of this page.
How to reach us.
Use the channel that matches the topic. Privacy questions go elsewhere — see the privacy policy.
hello@fail2zig.com