fail2ban
fail2ban copied to clipboard
Whitelisting by subnet does not work
Hello. Plugin's config reading fails with an error "not valid".
Prerequisites:
Traefik version 2.9.5 fail2ban version v0.6.6
middlewares.yml:
http:
middlewares:
mw-fail2ban:
plugin:
fail2ban:
rules:
bantime: 1h
findtime: 1s
enabled: true
maxretry: 50
ports:
- 443
blacklist:
ip: []
whitelist:
ip:
- 192.168.1.0/24
The result:
$ docker-compose up traefik
Starting dup-traefik ... done
Attaching to dup-traefik
dup-traefik | time="2023-06-08T20:05:41+03:00" level=info msg="Configuration loaded from flags."
dup-traefik | IPChecking: 2023/06/08 20:05:42 restricted.go:51: &{%!e(string=CIDR address) %!e(string=║24║192.168.1.0/24)}
dup-traefik | IPChecking: 2023/06/08 20:05:42 restricted.go:51: Error: ║24║192.168.1.0/24 not valid
Suggestions
After looking through ipChecking.go
I can assume that the problem is around line 46 -- according to docs, net.ParseIP
does not expect a subnet in an input string, that's what net.ParseCIDR
is for.