
Synology - IPs reported as banned are not banned for containers

Open Davo1624 opened this issue 2 years ago • 1 comments

Services (ssh for example) are properly banned but not containers. After being reported as banned from bitwarden I can still log in with correct user/pass. Below is my general config (yes the vaultwarden log path is correct, I know it's confusing):

docker-compose:

```yaml
version: "3.5"
services:
  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - /volumeUSB1/usbshare/docker/fail2ban:/data
      - /volumeUSB1/usbshare/docker/authelia:/authelia
      - /volumeUSB1/usbshare/docker/vaultwarden:/vaultwarden
      - /var/log:/synology
    environment:
      - TZ=America/New_York
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=30d
    restart: unless-stopped
    privileged: true
```

f2b log:

```text
today at 5:04:08 PM 2021-07-22 17:04:08,116 fail2ban.filter [1]: INFO [bitwarden] Found 209.202.237.103 - 2021-07-22 17:04:08
today at 5:04:47 PM 2021-07-22 17:04:47,788 fail2ban.filter [1]: INFO [bitwarden] Found 209.202.237.103 - 2021-07-22 17:04:47
today at 5:04:48 PM 2021-07-22 17:04:48,998 fail2ban.filter [1]: INFO [bitwarden] Found 209.202.237.103 - 2021-07-22 17:04:48
today at 5:04:49 PM 2021-07-22 17:04:49,939 fail2ban.filter [1]: INFO [bitwarden] Found 209.202.237.103 - 2021-07-22 17:04:49
today at 5:04:50 PM 2021-07-22 17:04:50,682 fail2ban.actions [1]: NOTICE [bitwarden] Ban 209.202.237.103
today at 5:04:50 PM 2021-07-22 17:04:50,743 fail2ban.filter [1]: INFO [bitwarden] Found 209.202.237.103 - 2021-07-22 17:04:50
```

jail.d/bitwarden.local:

```ini
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.0/24
#Ban for 30 days
bantime = 2592000
findtime = 86400
maxretry = 4
backend = auto
action = iptables-allports[name=bitwarden]
         cloudflare-apiv4

[bitwarden]
enabled = true
port = http,8081,https
filter = bitwarden
logpath = /vaultwarden/vaultwarden.log
chain = DOCKER-USER
```

sudo iptables -S | grep f2b:

```text
-N f2b-bitwarden
-A INPUT -p tcp -j f2b-bitwarden
-A INPUT -p tcp -j f2b-bitwarden
-A f2b-bitwarden -s 209.202.237.103/32 -j DROP
-A f2b-bitwarden -j RETURN
-A f2b-bitwarden -j RETURN
```

Any help or insight would be greatly appreciated!

Davo1624, Jul 22 '21 21:07

@Davo1624 It works for me using the FORWARD chain instead of the DOCKER-USER chain.

Madh93, Jul 24 '22 00:07
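A check for the mismatch visible in this thread, as an added example that is not part of the issue or of docker-fail2ban: it parses `iptables -S` output and reports which chain the jail's jump rule is hooked into, compared with the chain the jail asks for. `audit_jail` and `FORWARD_PATH` are hypothetical names, and the code assumes the protected container is on a bridge network with a published port, so its traffic is forwarded rather than delivered to INPUT.

```python
# Constructed sample: the `iptables -S | grep f2b` output quoted in the issue.
SAMPLE = """\
-N f2b-bitwarden
-A INPUT -p tcp -j f2b-bitwarden
-A INPUT -p tcp -j f2b-bitwarden
-A f2b-bitwarden -s 209.202.237.103/32 -j DROP
-A f2b-bitwarden -j RETURN
-A f2b-bitwarden -j RETURN
"""

# Assumption: the protected service is a bridge-network container with a
# published port, so its packets are forwarded (FORWARD, DOCKER-USER) and
# never pass through the host's INPUT chain.
FORWARD_PATH = {"FORWARD", "DOCKER-USER"}


def _opt(tokens, flag):
    """Return the value following `flag` in a rule, or None if absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def audit_jail(rules_text, jail, wanted_chain):
    """Show where the jump to f2b-<jail> is hooked and which sources it blocks."""
    target = f"f2b-{jail}"
    hooks, banned = set(), []
    for line in rules_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "-A":
            continue
        chain, verdict = tokens[1], _opt(tokens, "-j")
        if chain != target and verdict == target:
            hooks.add(chain)                      # chain that feeds the jail
        elif chain == target and verdict in ("DROP", "REJECT"):
            banned.append(_opt(tokens, "-s"))     # banned source address
    return {
        "hooks": sorted(hooks),
        "banned": banned,
        "matches_config": wanted_chain in hooks,
        "covers_containers": bool(hooks & FORWARD_PATH),
    }


if __name__ == "__main__":
    # The jail in the issue sets chain = DOCKER-USER.
    print(audit_jail(SAMPLE, "bitwarden", "DOCKER-USER"))
```

On the output from the issue this reports the jump hooked only into INPUT, with the ban present in `f2b-bitwarden` but neither `matches_config` nor `covers_containers` true.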