
Whitelisting by subnet does not work

Open delameter opened this issue 1 year ago • 4 comments

Hello. Plugin's config reading fails with an error "not valid".

Prerequisites:

Traefik version 2.9.5
fail2ban version v0.6.6

middlewares.yml:

http:
  middlewares:
    mw-fail2ban:
      plugin:
        fail2ban:
          rules:
            bantime: 1h
            findtime: 1s
            enabled: true
            maxretry: 50
            ports:
              - 443
          blacklist:
            ip: []
          whitelist:
            ip:
              - 192.168.1.0/24

The result:

$ docker-compose up traefik 
Starting dup-traefik ... done
Attaching to dup-traefik
dup-traefik   | time="2023-06-08T20:05:41+03:00" level=info msg="Configuration loaded from flags."
dup-traefik   | IPChecking: 2023/06/08 20:05:42 restricted.go:51: &{%!e(string=CIDR address) %!e(string=║24║192.168.1.0/24)}
dup-traefik   | IPChecking: 2023/06/08 20:05:42 restricted.go:51: Error: ║24║192.168.1.0/24 not valid

Suggestions

After looking through ipChecking.go I can assume that the problem is around line 46 -- according to docs, net.ParseIP does not expect a subnet in an input string, that's what net.ParseCIDR is for.

delameter Jun 08 '23 17:06
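The following Go sketch is an added example, not part of the original issue and not the plugin's code. It shows the `net.ParseIP` / `net.ParseCIDR` distinction the reporter refers to, using an allowlist loader that accepts both bare addresses and subnets and rejects the whole list on any invalid entry. The names `parseAllowlist` and `allowed` are hypothetical and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// parseAllowlist (hypothetical helper) converts entries such as "10.0.0.5" or
// "192.168.1.0/24" into networks. A bare address becomes a single-host network.
// Any invalid entry fails the whole load so a typo cannot silently drop a rule.
func parseAllowlist(entries []string) ([]*net.IPNet, error) {
	nets := make([]*net.IPNet, 0, len(entries))
	for _, e := range entries {
		e = strings.TrimSpace(e)
		if strings.Contains(e, "/") {
			_, n, err := net.ParseCIDR(e) // expects "address/prefix-length"
			if err != nil {
				return nil, fmt.Errorf("allowlist entry %q: %w", e, err)
			}
			nets = append(nets, n)
			continue
		}
		ip := net.ParseIP(e) // returns nil for anything but a bare address
		if ip == nil {
			return nil, fmt.Errorf("allowlist entry %q: not an IP address", e)
		}
		bits := 128
		if v4 := ip.To4(); v4 != nil {
			ip, bits = v4, 32
		}
		nets = append(nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
	}
	return nets, nil
}

// allowed (hypothetical helper) reports whether addr is inside any parsed network.
func allowed(nets []*net.IPNet, addr string) bool {
	ip := net.ParseIP(addr)
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	nets, err := parseAllowlist([]string{"192.168.1.0/24", "10.0.0.5"}) // constructed sample
	fmt.Println(allowed(nets, "192.168.1.77"), allowed(nets, "192.168.2.1"), err)
}
```

Passing the exact string from the log line above, `║24║192.168.1.0/24`, makes `parseAllowlist` return an error, because the text before the `/` is not an IP address.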