The roadmap depends essentially on the "End-of-Lifetime" (EOL) of the supported distribution.

The EOL of distributions is declared by the providers as follows:

Distribution EOL
Distribution           | LTS           | Full support | Maintenance end (EOL)

RedHat Enterprise Linux & Clones
RHEL 7                 | 10 years      |              | 2024
RHEL 8                 | 10 years      |              | 2029
CentOS 7               | 10 years      |              | 2024, June
CentOS 8               | *1) see below |              | 2021, December
Alma Linux RHEL 8      | 10 years      |              | 2029
ORACLE Linux 7         | 10 years      |              | 2024
ORACLE Linux 8         | 10 years      |              | 2029, July
Rocky Linux            | *2) see below |              | 2029

SuSE Linux Enterprise Server (SLES) & Open SuSE "Leap"
SLES 12                |               | -            | 2024, Oct
SLES 15                |               | -            | 2028, July
Open SuSE "Leap"       | 36 months     | -            |

Debian LTS & offspring (e.g. Ubuntu)
Debian 9 LTS           | 24 months     | -            | ~2022, June
Debian 10 LTS          | 24 months     | -            | ~2024, June
Ubuntu 14.4 LTS        | 8 years       | 2019, April  | 2022, April
Ubuntu 16.4 LTS        | 8 years       | 2021, April  | 2024, April
Ubuntu 18.4 LTS        | 8 years       | 2023, April  | 2028, April
Ubuntu 20.4 LTS        | 10 years      | 2025, April  | 2030, April

Notes:

  1. IBM bought RedHat in Oct-2019. The CentOS distribution had been taken over by RedHat years before. Meanwhile RedHat has changed its policy and turned CentOS-8 into a 'rolling release', i.e. it is no longer a 'long-term support' release. A CentOS-9 cannot be expected.
    So CentOS, as it was before, can be regarded as dead.

  2. Rocky Linux is the successor of CentOS. The former CentOS community (led by Gregory M. Kurtzer) started the whole thing anew under the name 'Rocky Linux'. At the time of this writing the infrastructure was not completely rebuilt and only test distributions were available (first 'beta' in Apr-2021). Since the end of June 2021, Rocky Linux 8.4 is officially released and available for download and installation.

 

Watcher ... where it comes from and where it is going to ...


Revision  Milestone Year  State
  History    
0.1 - 0.9

Organized as a 'hardening tool' in the form of a monolithic Bash script, "WatchFW".

Started on SuSE Linux 9.7 and ported to CentOS 6 (Rev. 0.5) and later to CentOS 7 (Rev. 0.8).

Tracking of security logs (sshd) and MTA (mail server) access by asynchronous scans and 'tail reading' of service log files. Loading the firewall after system (re)starts took hours as the list of 'bandits' grew to several tens of thousands.

After a provider & server change in 2018 it still took 10-15 minutes to push all 'bandit' lists into the firewall.

~2013

unpublished

Historic

  Revision 1    

1.0

Monolithic script (WatchFW) for login tracking and, later, 'maillog' tracking. It identifies burglars and attackers accessing the 'login service' & 'mail transport service' in order to keep burglars and spammers away.

  • Introduced 'Realtime Intrusion Detection' by a direct feed from the system logger through FIFOs ('named pipes') into an exclusive channel for each scanner.
  • Introduced recording of detected 'bandits' in exclusive databases, which resulted in even and predictable processing times.

Tested on CentOS 7.

~2016

unpublished

Historic

1.2

  • Speedups to load the firewall in seconds(!)
    This was chiefly accomplished by the use of AWK scripting.
  • Fully modularized into:
    • 'Watcher Master' (startup service & library)
    • Modules:
      • WatchLG (login scanner module)
      • WatchMX/WatchMB (MTA log & Mailbox access scanner)
    • DynLoader:
      • SpamHaus
      • NixSpam
  • Dynamic rules for modules
  • Partially introduced IPSETs for 'global dropping' from modules
    • timed ipset 'tarpit' (60 seconds per failed login or SPAM attempt)
    • permanent ipset 'custody' (to lock out bandits that exceed their 'affairs' limit)

~2019

published

Production

(Available through the online shop)

Only for EL7 (e.g. CentOS-7)

1.3

  • Fully based on IPSETs (already working perfectly)
    • modules now work fully dynamically and create their IPSETs on the fly
    • Lightning-fast database expiration without imposing any 'wait cycles' on the kernel's xtables
  • Tremendous speedups due to massive code consolidation and rework of the dynamic filter system
  • Will come with a 'WEB service' module "WatchWB"
  • Adaptation for Debian-like (e.g. Ubuntu) & SuSE-like systems (SLES & LEAP)

~2021, October

unpublished

Testing

Release candidate RC1 available for registered users (7-Sep-2021)

Release candidate RC2 available for registered users (15-Nov-2021)

1.3.0

Released the 'complete package' including master & all modules

2021/12

Available in the online shop as 'donationware' for a small donation as 'price'

1.3.1

Integrated GEOIP

Tremendous reduction of attacks, which keeps the memory footprint & databases small.

See the public Watcher Community News at https://watcher.comserve-it-services.de/News.

2022/02

(beta testing)

Available in the 'nightly' package of the Watcher repository

1.3.2

(1.4/beta)

Confined 1.3.1 and added a dynloader 'geo' and a (pseudo-)module 'GeoTrack'.

The dynloader picks up the excellent data from 'ipdeny.com': 'aggregated zone files' with CIDRs (complete subnets) sorted by country.

The (pseudo-)module 'GeoTrack' collects the 'affairs' from the initial registration section of the regular modules "Watch-LG|MX/MB|WB" one by one and so blocks only malicious IP addresses that are really attacking your server.

Currently testing. Release planned for Q3/'23.

Available in the 'nightly' package of the public Watcher repository.

 

1.? Maybe ... if the community comes up with wishes and requests    
       
  Revision 2 (Outlook Watcher-II)
   

2.0

With Rev. 2 Watcher will fully switch to 'Net Filter Tables' (nftables; NFT).

NFT integrates:

  • iptables & ip6tables,
  • arptables,
  • ebtables,
  • sets similar to 'ipset'

So there is only one user-space tool, 'nft', that does the job of what was formerly a whole bunch of separate tools. Because IPv4 & IPv6 are integrated into a new address family 'inet', it is much easier to extend Watcher to IPv6, which will probably come with Watcher 2.1 in the future.

Net-Filter-Tables comes with a completely different syntax and structure. The configuration files are 'block structured'. All the integration endeavours created a pretty complex 'command language construction' that requires quite some rewriting and reorganisation of the Watcher code.

For more detailed explanations about 'nftables' refer to the following links:

 

~2024

 

Planning

First tests started on RHEL-9 clone Alma-Linux
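
The 'tarpit' and 'custody' sets of Rev. 1.2, written in the block-structured nftables syntax that Rev. 2 moves to, as an added example that is not Watcher code. The table name `watcher`, the limit of 3 'affairs', the reading of 'tarpit' as 60 seconds per counted failure and the sample log lines are assumptions constructed for illustration; the script only prints nft input and never calls nft.

```shell
#!/bin/sh
# Added example, not Watcher code. Table name, LIMIT and the 60 s-per-failure
# reading of 'tarpit' are assumptions; nothing here calls nft itself.
LIMIT=3   # hypothetical 'affairs' limit before permanent lockout

ruleset() {   # block-structured nftables file: one 'inet' table, two sets
cat <<'EOF'
table inet watcher {
    set tarpit  { type ipv4_addr; flags timeout; }
    set custody { type ipv4_addr; }
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr @custody drop
        ip saddr @tarpit drop
    }
}
EOF
}

sample_log() {   # constructed sshd lines (documentation address ranges)
cat <<'EOF'
Mar  3 10:15:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40021 ssh2
Mar  3 10:15:04 host sshd[811]: Failed password for invalid user admin from 198.51.100.9 from 203.0.113.7 port 40022 ssh2
Mar  3 10:16:10 host sshd[815]: Failed password for root from 198.51.100.23 port 50100 ssh2
Mar  3 10:16:12 host sshd[815]: Failed password for root from 198.51.100.23 port 50101 ssh2
Mar  3 10:16:15 host sshd[815]: Failed password for root from 198.51.100.23 port 50102 ssh2
Mar  3 10:16:19 host sshd[815]: Failed password for root from 198.51.100.23 port 50103 ssh2
Mar  3 10:17:00 host sshd[820]: Accepted password for alice from 192.0.2.10 port 60000 ssh2
EOF
}

verdicts() {   # log lines on stdin -> nft commands on stdout
    awk -v limit="$LIMIT" '
        # The user name is attacker-controlled, so read the address from the
        # fixed tail "... from <ip> port <n> ssh2", never the first "from".
        /sshd\[[0-9]+\]: Failed password/ && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END {
            for (ip in n)
                if (n[ip] > limit)
                    printf "add element inet watcher custody { %s }\n", ip
                else
                    printf "add element inet watcher tarpit { %s timeout %ds }\n", ip, n[ip] * 60
        }' | sort
}
ruleset
sample_log | verdicts
```

The second sample line carries a user name containing "from 198.51.100.9"; because the address is taken from the fixed tail of the line, that address is not blocked.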
