Comments (25)

crazy-max avatar crazy-max commented on June 1, 2024 1

Nope my comment as a quick workaround

from docker-fail2ban.

onedr0p avatar onedr0p commented on June 1, 2024 1

No problem, with your image I was successful in my project: I use Traefik as my reverse proxy on my VMs and Cloudflare to proxy to that from WAN. I needed to check the Traefik access logs for 401 un-authorized messages and ban IPs in Cloudflare where there were failures logging in with basic auth. My homelab just got a little more hardened ;)

Ideally I would ban the IPs in my pfSense router too but that's another project.

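
The Traefik 401 jail described above, as an added example (not code from this thread or from docker-fail2ban): a Python re-implementation of fail2ban's failregex / findtime / maxretry logic run over constructed Traefik access-log lines in Traefik's default CLF-style format. One caveat for the Cloudflare setup: the address in that first log field is the real client only if Traefik is configured to trust the forwarded headers from Cloudflare; otherwise it is Cloudflare's own edge address and the ban would land on the proxy.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Traefik's default access-log format (not real traffic).
# 10.0.0.5 fails basic auth repeatedly; 10.0.0.9 fails once and then logs in.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Oct/2018:16:57:01 +0000] "GET /admin HTTP/1.1" 401 17 "-" "curl/7.61" 1 "admin@docker" "http://127.0.0.1:8080" 1ms
10.0.0.9 - - [04/Oct/2018:16:57:02 +0000] "GET /admin HTTP/1.1" 401 17 "-" "Mozilla/5.0" 2 "admin@docker" "http://127.0.0.1:8080" 1ms
10.0.0.5 - - [04/Oct/2018:16:57:03 +0000] "GET /admin HTTP/1.1" 401 17 "-" "curl/7.61" 3 "admin@docker" "http://127.0.0.1:8080" 1ms
10.0.0.9 - admin [04/Oct/2018:16:57:04 +0000] "GET /admin HTTP/1.1" 200 512 "-" "Mozilla/5.0" 4 "admin@docker" "http://127.0.0.1:8080" 3ms
10.0.0.5 - - [04/Oct/2018:16:57:05 +0000] "GET /admin HTTP/1.1" 401 17 "-" "curl/7.61" 5 "admin@docker" "http://127.0.0.1:8080" 1ms
10.0.0.5 - - [04/Oct/2018:17:30:00 +0000] "GET /admin HTTP/1.1" 401 17 "-" "curl/7.61" 6 "admin@docker" "http://127.0.0.1:8080" 1ms
"""

# fail2ban-style failregex: <HOST> is the client field, status must be 401.
# Behind Cloudflare this field is the client only if Traefik trusts forwarded headers.
FAILREGEX = r'^<HOST> \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" 401 '
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'  # IPv4 only, as in the sample


def compile_failregex(pattern):
    """Expand the <HOST> placeholder the way fail2ban does and compile."""
    return re.compile(pattern.replace('<HOST>', HOST))


def find_bans(log_text, maxretry=3, findtime=600, failregex=FAILREGEX):
    """Return {ip: ban_time} for clients with >= maxretry matches inside a findtime window."""
    rx = compile_failregex(failregex)
    hits = defaultdict(deque)  # per-IP sliding window of failure timestamps
    bans = {}
    for line in log_text.splitlines():
        m = rx.match(line)
        if not m or m.group('host') in bans:  # no failure, or already banned
            continue
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
        window = hits[m.group('host')]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):  # drop stale failures
            window.popleft()
        if len(window) >= maxretry:
            bans[m.group('host')] = ts
    return bans


if __name__ == '__main__':
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f'ban {ip} at {when.isoformat()}')
```

The dict returned by find_bans is what a custom action (here, the cloudflare action) would be fed one IP at a time.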
crazy-max avatar crazy-max commented on June 1, 2024

@onedr0p Can you post your compose file please?

onedr0p avatar onedr0p commented on June 1, 2024

version: '2'
services:
  fail2ban:
    image: crazymax/fail2ban:latest
    environment:
      F2B_LOG_LEVEL: DEBUG
      TZ: America/New_York
    volumes:
    - /apps/docker/fail2ban/db:/var/lib/fail2ban
    - /apps/docker/fail2ban/jail.d:/etc/fail2ban/jail.d
    - /var/log:/var/log:ro
    - /apps/docker/fail2ban/filter.d:/etc/fail2ban/filter.d
    - /apps/docker/fail2ban/action.d:/etc/fail2/ban/action.d

crazy-max avatar crazy-max commented on June 1, 2024

/etc/fail2/ban/action.d > /etc/fail2ban/action.d

onedr0p avatar onedr0p commented on June 1, 2024

Good catch, I made the changes and the files in there are still not being seen on my host. Should those files be mounted there?

crazy-max avatar crazy-max commented on June 1, 2024

network_mode must be set to host and privileged enabled.

onedr0p avatar onedr0p commented on June 1, 2024

2018-10-04 16:57:03,806 fail2ban.configreader   [1]: ERROR   Found no accessible config files for 'action.d/iptables-multiport' under /etc/fail2ban
2018-10-04 16:57:03,806 fail2ban.jailreader     [1]: ERROR   Unable to read action 'iptables-multiport'

Seems as though mounting the volumes nulls out that directory within the container.

crazy-max avatar crazy-max commented on June 1, 2024

Can you apply my docker-compose example instead with your binds?

onedr0p avatar onedr0p commented on June 1, 2024

I think the problem is not to do with network --host or --privileged for Docker.

Are you able to mount ./action.d:/etc/fail2ban/action.d and see the action.d directory and files on the host?

crazy-max avatar crazy-max commented on June 1, 2024

iptables-multiport.conf already exists in the container:

root@sandbox:/data/fail2ban# docker-compose exec fail2ban ls -al /etc/fail2ban/action.d/
total 292
drwxr-xr-x    2 root     root          4096 Oct  4 15:23 .
drwxr-xr-x    1 root     root          4096 Oct  4 22:52 ..
-rw-r--r--    1 root     root          3976 Oct  4 15:23 abuseipdb.conf
-rw-r--r--    1 root     root           587 Oct  4 15:23 apf.conf
-rw-r--r--    1 root     root           629 Oct  4 15:23 badips.conf
-rw-r--r--    1 root     root         11476 Oct  4 15:23 badips.py
-rw-r--r--    1 root     root          2715 Oct  4 15:23 blocklist_de.conf
-rw-r--r--    1 root     root          3271 Oct  4 15:23 bsd-ipfw.conf
-rw-r--r--    1 root     root          2807 Oct  4 15:23 cloudflare.conf
-rw-r--r--    1 root     root          4757 Oct  4 15:23 complain.conf
-rw-r--r--    1 root     root          7668 Oct  4 15:23 dshield.conf
-rw-r--r--    1 root     root          1717 Oct  4 15:23 dummy.conf
-rw-r--r--    1 root     root          1501 Oct  4 15:23 firewallcmd-allports.conf
-rw-r--r--    1 root     root          2649 Oct  4 15:23 firewallcmd-common.conf
-rw-r--r--    1 root     root          2235 Oct  4 15:23 firewallcmd-ipset.conf
-rw-r--r--    1 root     root          1270 Oct  4 15:23 firewallcmd-multiport.conf
-rw-r--r--    1 root     root          1898 Oct  4 15:23 firewallcmd-new.conf
-rw-r--r--    1 root     root          2314 Oct  4 15:23 firewallcmd-rich-logging.conf
-rw-r--r--    1 root     root          1765 Oct  4 15:23 firewallcmd-rich-rules.conf
-rw-r--r--    1 root     root           573 Oct  4 15:23 helpers-common.conf
-rw-r--r--    1 root     root          1657 Oct  4 15:23 hostsdeny.conf
-rw-r--r--    1 root     root          1573 Oct  4 15:23 ipfilter.conf
-rw-r--r--    1 root     root          1505 Oct  4 15:23 ipfw.conf
-rw-r--r--    1 root     root          1514 Oct  4 15:23 iptables-allports.conf
-rw-r--r--    1 root     root          2738 Oct  4 15:23 iptables-common.conf
-rw-r--r--    1 root     root          2088 Oct  4 15:23 iptables-ipset-proto4.conf
-rw-r--r--    1 root     root          2285 Oct  4 15:23 iptables-ipset-proto6-allports.conf
-rw-r--r--    1 root     root          2328 Oct  4 15:23 iptables-ipset-proto6.conf
-rw-r--r--    1 root     root          2170 Oct  4 15:23 iptables-multiport-log.conf
-rw-r--r--    1 root     root          1508 Oct  4 15:23 iptables-multiport.conf
-rw-r--r--    1 root     root          1585 Oct  4 15:23 iptables-new.conf
-rw-r--r--    1 root     root          2672 Oct  4 15:23 iptables-xt_recent-echo.conf
-rw-r--r--    1 root     root          1427 Oct  4 15:23 iptables.conf
-rw-r--r--    1 root     root          2431 Oct  4 15:23 mail-buffered.conf
-rw-r--r--    1 root     root          1049 Oct  4 15:23 mail-whois-common.conf
-rw-r--r--    1 root     root          2443 Oct  4 15:23 mail-whois-lines.conf
-rw-r--r--    1 root     root          1842 Oct  4 15:23 mail-whois.conf
-rw-r--r--    1 root     root          1709 Oct  4 15:23 mail.conf
-rw-r--r--    1 root     root          5321 Oct  4 15:23 mynetwatchman.conf
-rw-r--r--    1 root     root          1493 Oct  4 15:23 netscaler.conf
-rw-r--r--    1 root     root           490 Oct  4 15:23 nftables-allports.conf
-rw-r--r--    1 root     root          4126 Oct  4 15:23 nftables-common.conf
-rw-r--r--    1 root     root           496 Oct  4 15:23 nftables-multiport.conf
-rw-r--r--    1 root     root          3697 Oct  4 15:23 nginx-block-map.conf
-rw-r--r--    1 root     root          1524 Oct  4 15:23 npf.conf
-rw-r--r--    1 root     root          3234 Oct  4 15:23 nsupdate.conf
-rw-r--r--    1 root     root           469 Oct  4 15:23 osx-afctl.conf
-rw-r--r--    1 root     root          2302 Oct  4 15:23 osx-ipfw.conf
-rw-r--r--    1 root     root          3750 Oct  4 15:23 pf.conf
-rw-r--r--    1 root     root          1023 Oct  4 15:23 route.conf
-rw-r--r--    1 root     root          2918 Oct  4 15:23 sendmail-buffered.conf
-rw-r--r--    1 root     root          1912 Oct  4 15:23 sendmail-common.conf
-rw-r--r--    1 root     root          1773 Oct  4 15:23 sendmail-geoip-lines.conf
-rw-r--r--    1 root     root          1052 Oct  4 15:23 sendmail-whois-ipjailmatches.conf
-rw-r--r--    1 root     root          1033 Oct  4 15:23 sendmail-whois-ipmatches.conf
-rw-r--r--    1 root     root          1300 Oct  4 15:23 sendmail-whois-lines.conf
-rw-r--r--    1 root     root           997 Oct  4 15:23 sendmail-whois-matches.conf
-rw-r--r--    1 root     root           977 Oct  4 15:23 sendmail-whois.conf
-rw-r--r--    1 root     root           857 Oct  4 15:23 sendmail.conf
-rw-r--r--    1 root     root          3069 Oct  4 15:23 shorewall-ipset-proto6.conf
-rw-r--r--    1 root     root          2156 Oct  4 15:23 shorewall.conf
-rw-r--r--    1 root     root          6134 Oct  4 15:23 smtp.py
-rw-r--r--    1 root     root          1418 Oct  4 15:23 symbiosis-blacklist-allports.conf
-rw-r--r--    1 root     root          1045 Oct  4 15:23 ufw.conf
-rw-r--r--    1 root     root          6082 Oct  4 15:23 xarf-login-attack.conf

You want to add a custom action? I think this is the issue.

onedr0p avatar onedr0p commented on June 1, 2024

Yes, I want to add a custom one, and change the text in another.

crazy-max avatar crazy-max commented on June 1, 2024

Okay, I'll look at what we could do to add custom actions. For the moment you can mount the file with a different name instead of the folder:

/apps/docker/fail2ban/action.d/iptables-multiport.conf:/etc/fail2ban/action.d/iptables-multiport2.conf

onedr0p avatar onedr0p commented on June 1, 2024

Wouldn't it be as simple as adding a VOLUME in the Dockerfile set to /etc/fail2ban/action.d/ and likewise /etc/fail2ban/filter.d/, thus telling the host there is persistent data there?

onedr0p avatar onedr0p commented on June 1, 2024

Mounting a single .conf file in kills the other .conf files in action.d from existing.

crazy-max avatar crazy-max commented on June 1, 2024

Check my mount point again, I have renamed the file in the container: /action.d/iptables-multiport2.conf

onedr0p avatar onedr0p commented on June 1, 2024

huh? I don't see any code changes in your repo or docker image updates.

onedr0p avatar onedr0p commented on June 1, 2024

Ah, I see. Looks to be working now. Can't wait to see all the config files in these directories on my host so I can easily configure with 1 volume mapping.

onedr0p avatar onedr0p commented on June 1, 2024

One thing to note, you don't need to set net to host and privileged if you want to add iptables rules. Since I just want to ban IPs on Cloudflare it is not needed.

See here for more info.

crazy-max avatar crazy-max commented on June 1, 2024

One thing to note, you don't need to set net to host and privileged if you want to add iptables rules.

@onedr0p Thanks for the tip :)

crazy-max avatar crazy-max commented on June 1, 2024

Ideally I would ban the IPs in my pfSense router too but that's another project.

Check abuseipdb.conf in the action.d folder in the container as an example to call pfsense web services ;)

onedr0p avatar onedr0p commented on June 1, 2024

I am not sure if that would work for me. I own a Netgate router with pfSense on it. I would somehow need a way to add the table rules through ssh or something.

The way I was thinking earlier was to serve a text file on my internal network that has the banned IPs written to it by fail2ban. Then pfSense could read it and ban them. But I have not seen such a project so it would require some dev time.

crazy-max avatar crazy-max commented on June 1, 2024

Ok I have made some changes to allow custom actions and filters. There are breaking changes. Check the README.

onedr0p avatar onedr0p commented on June 1, 2024

I updated and it looks better. However, the existing files in the *.d directories are still not being populated on the host volume mount. I am a little confused as to why because it looks like it should be now...

crazy-max avatar crazy-max commented on June 1, 2024

@onedr0p I don't copy existing files into the container on the bound path to avoid overwriting user-mounted files. We could do it if the folder does not exist, but it is not a good practice. Instead you can copy back the original files from the container using this command for example:

docker exec -it fail2ban cp -R /etc/fail2ban/action.d /data/action.orig.d
