Comments (7)
The issue described above was due to TZ misconfiguration in Bitwarden container (UTC vs CET). The ban was already was ended at the time it began...
However, I have different comportment according to iptables chain setting.
The most interresting part is this error : stderr: 'iptables v1.8.3 (legacy): unknown option "--reject-with"'
What is your advise ?
F2B_IPTABLES_CHAIN=DOCKER-USER
This is the issue 36
2020-03-09 22:45:22,583 fail2ban.actions [1]: DEBUG Banned 1 / 1, 1 ticket(s) in 'bitwarden'
2020-03-09 22:45:42,557 fail2ban.actions [1]: NOTICE [bitwarden] Unban 80.XX.XX.XX
2020-03-09 22:45:42,557 fail2ban.actions [1]: DEBUG [bitwarden] action 'iptables-allports': unban 80.XX.XX.XX
2020-03-09 22:46:13,124 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:46:13,124 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:46:13,130 fail2ban.filter [1]: DEBUG Processing line with time:1583790373.0 and ip:80.XX.XX.XX
2020-03-09 22:46:13,130 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:46:13
2020-03-09 22:46:13,131 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
2020-03-09 22:46:16,670 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:46:16,671 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:46:16,671 fail2ban.filter [1]: DEBUG Processing line with time:1583790376.0 and ip:80.XX.XX.XX
2020-03-09 22:46:16,672 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:46:16
2020-03-09 22:46:16,672 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 2. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:2
2020-03-09 22:46:18,588 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:46:18,589 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:46:18,590 fail2ban.filter [1]: DEBUG Processing line with time:1583790378.0 and ip:80.XX.XX.XX
2020-03-09 22:46:18,590 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:46:18
2020-03-09 22:46:18,590 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 3. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:3
2020-03-09 22:46:20,517 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:46:20,518 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:46:20,518 fail2ban.filter [1]: DEBUG Processing line with time:1583790380.0 and ip:80.XX.XX.XX
2020-03-09 22:46:20,519 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:46:20
2020-03-09 22:46:20,519 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 4. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:4
2020-03-09 22:46:20,656 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-09 22:46:20,656 fail2ban.observer [1]: DEBUG [bitwarden] Observer: ban found 80.XX.XX.XX, 6400
2020-03-09 22:46:20,667 fail2ban.utils [1]: ERROR 7f4bf7d00240 -- exec: iptables -w -N f2b-bitwarden
iptables -w -A f2b-bitwarden -j RETURN
iptables -w -I DOCKER-USER -p tcp -j f2b-bitwarden
2020-03-09 22:46:20,667 fail2ban.utils [1]: ERROR 7f4bf7d00240 -- stderr: 'iptables: Chain already exists.'
2020-03-09 22:46:20,668 fail2ban.utils [1]: ERROR 7f4bf7d00240 -- stderr: 'iptables: No chain/target/match by that name.'
2020-03-09 22:46:20,668 fail2ban.utils [1]: ERROR 7f4bf7d00240 -- returned 1
2020-03-09 22:46:20,668 fail2ban.actions [1]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': '80.XX.XX.XX', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f4bf7ad2dc0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f4bf7ad34c0>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error'
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/fail2ban/server/actions.py", line 482, in __checkBan
action.ban(aInfo)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 548, in ban
self._start(family, forceStart=True)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 529, in _start
ret = self._executeOperation('<actionstart>', 'starting', family=family, afterExec=_started)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 462, in _executeOperation
raise RuntimeError("Error %s action %s/%s: %r" % (operation, self._jail, self._name, err))
RuntimeError: Error starting action Jail('bitwarden')/iptables-allports: 'Script error'
2020-03-09 22:46:20,669 fail2ban.actions [1]: DEBUG Banned 1 / 2, 1 ticket(s) in 'bitwarden'
2020-03-09 22:47:06,270 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:47:06,271 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:47:06,272 fail2ban.filter [1]: DEBUG Processing line with time:1583790426.0 and ip:80.XX.XX.XX
2020-03-09 22:47:06,273 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:47:06
2020-03-09 22:47:06,273 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 5. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
F2B_IPTABLES_CHAIN=INPUT
2020-03-09 22:48:06,929 fail2ban.jail [1]: INFO Jail 'bitwarden' started
2020-03-09 22:48:06,930 fail2ban.transmitter [1]: DEBUG Status: ready
2020-03-09 22:52:54,110 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:52:54,111 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:52:54,116 fail2ban.filter [1]: DEBUG Processing line with time:1583790774.0 and ip:80.XX.XX.XX
2020-03-09 22:52:54,122 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:52:54
2020-03-09 22:52:54,122 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
2020-03-09 22:53:02,439 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:53:02,439 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:53:02,440 fail2ban.filter [1]: DEBUG Processing line with time:1583790782.0 and ip:80.XX.XX.XX
2020-03-09 22:53:02,441 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:53:02
2020-03-09 22:53:02,441 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 2. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:2
2020-03-09 22:53:07,248 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:53:07,248 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:53:07,249 fail2ban.filter [1]: DEBUG Processing line with time:1583790786.0 and ip:80.XX.XX.XX
2020-03-09 22:53:07,249 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:53:06
2020-03-09 22:53:07,250 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 3. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:3
2020-03-09 22:53:09,953 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:53:09,954 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:53:09,955 fail2ban.filter [1]: DEBUG Processing line with time:1583790789.0 and ip:80.XX.XX.XX
2020-03-09 22:53:09,955 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:53:09
2020-03-09 22:53:09,955 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 4. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:4
2020-03-09 22:53:10,500 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-09 22:53:10,502 fail2ban.observer [1]: DEBUG [bitwarden] Observer: ban found 80.XX.XX.XX, 6400
2020-03-09 22:53:10,513 fail2ban.utils [1]: DEBUG 7feefc7c67c0 -- returned successfully 0
2020-03-09 22:53:10,522 fail2ban.utils [1]: DEBUG 7feefc3eaab0 -- returned successfully 0
2020-03-09 22:53:10,532 fail2ban.utils [1]: ERROR 7feefc9a4270 -- exec: iptables -w -I f2b-bitwarden 1 -s 80.XX.XX.XX -j REJECT --reject-with icmp-port-unreachable
2020-03-09 22:53:10,533 fail2ban.utils [1]: ERROR 7feefc9a4270 -- stderr: 'iptables v1.8.3 (legacy): unknown option "--reject-with"'
2020-03-09 22:53:10,533 fail2ban.utils [1]: ERROR 7feefc9a4270 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2020-03-09 22:53:10,533 fail2ban.utils [1]: ERROR 7feefc9a4270 -- returned 2
2020-03-09 22:53:10,533 fail2ban.actions [1]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': '80.XX.XX.XX', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7feefc7d9dc0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7feefc7da4c0>})': Error banning 80.XX.XX.XX
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/fail2ban/server/actions.py", line 482, in __checkBan
action.ban(aInfo)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 551, in ban
raise RuntimeError("Error banning %(ip)s" % aInfo)
RuntimeError: Error banning 80.XX.XX.XX
2020-03-09 22:53:10,536 fail2ban.actions [1]: DEBUG Banned 1 / 1, 1 ticket(s) in 'bitwarden'
F2B_IPTABLES_CHAIN=FORWARD
2020-03-09 22:57:47,536 fail2ban.transmitter [1]: DEBUG Status: ready
2020-03-09 22:59:08,086 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:59:08,087 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:59:08,092 fail2ban.filter [1]: DEBUG Processing line with time:1583791148.0 and ip:80.XX.XX.XX
2020-03-09 22:59:08,098 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:59:08
2020-03-09 22:59:08,099 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
2020-03-09 22:59:11,530 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:59:11,531 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:59:11,532 fail2ban.filter [1]: DEBUG Processing line with time:1583791151.0 and ip:80.XX.XX.XX
2020-03-09 22:59:11,533 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:59:11
2020-03-09 22:59:11,533 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 2. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:2
2020-03-09 22:59:15,048 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:59:15,048 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:59:15,049 fail2ban.filter [1]: DEBUG Processing line with time:1583791155.0 and ip:80.XX.XX.XX
2020-03-09 22:59:15,050 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:59:15
2020-03-09 22:59:15,050 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 3. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:3
2020-03-09 22:59:18,178 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 22:59:18,178 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 22:59:18,179 fail2ban.filter [1]: DEBUG Processing line with time:1583791158.0 and ip:80.XX.XX.XX
2020-03-09 22:59:18,180 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 22:59:18
2020-03-09 22:59:18,180 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 4. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:4
2020-03-09 22:59:18,245 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-09 22:59:18,245 fail2ban.observer [1]: DEBUG [bitwarden] Observer: ban found 80.XX.XX.XX, 6400
2020-03-09 22:59:18,257 fail2ban.utils [1]: DEBUG 7fb4cfe07240 -- returned successfully 0
2020-03-09 22:59:18,265 fail2ban.utils [1]: DEBUG 7fb4cf7eaab0 -- returned successfully 0
2020-03-09 22:59:18,274 fail2ban.utils [1]: ERROR 7fb4cfda41e0 -- exec: iptables -w -I f2b-bitwarden 1 -s 80.XX.XX.XX -j REJECT --reject-with icmp-port-unreachable
2020-03-09 22:59:18,275 fail2ban.utils [1]: ERROR 7fb4cfda41e0 -- stderr: 'iptables v1.8.3 (legacy): unknown option "--reject-with"'
2020-03-09 22:59:18,275 fail2ban.utils [1]: ERROR 7fb4cfda41e0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2020-03-09 22:59:18,275 fail2ban.utils [1]: ERROR 7fb4cfda41e0 -- returned 2
2020-03-09 22:59:18,275 fail2ban.actions [1]: ERROR Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': '80.XX.XX.XX', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fb4cfbd9dc0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fb4cfbda4c0>})': Error banning 80.XX.XX.XX
Traceback (most recent call last):
File "/usr/lib/python3.8/site-packages/fail2ban/server/actions.py", line 482, in __checkBan
action.ban(aInfo)
File "/usr/lib/python3.8/site-packages/fail2ban/server/action.py", line 551, in ban
raise RuntimeError("Error banning %(ip)s" % aInfo)
RuntimeError: Error banning 80.XX.XX.XX
2020-03-09 22:59:18,277 fail2ban.actions [1]: DEBUG Banned 1 / 1, 1 ticket(s) in 'bitwarden'
from docker-fail2ban.
Hi @sosandroid, this error seems related to Synology and/or iptables version. Maybe this thread can help you: https://serverfault.com/questions/664160/fail2ban-error-on-setting-iptables-on-synology-nas
from docker-fail2ban.
Thank you @crazy-max
Without reading this thread, I tried the proposed solution : moving to the DROP command.
This is not blocking neither. Despite the log of banned IP, I can still try false creds and then log in with a valid account.
2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionstart = '<iptables> -N f2b-bitwarden\n<iptables> -A f2b-bitwarden -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-bitwarden'
2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionstop = '<iptables> -D INPUT -p tcp -j f2b-bitwarden\n<iptables> -F f2b-bitwarden\n<iptables> -X f2b-bitwarden'
2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actionflush = '<iptables> -F f2b-bitwarden'
2020-03-09 23:43:04,736 fail2ban.CommandAction [1]: DEBUG Set actioncheck = "<iptables> -n -L INPUT | grep -q 'f2b-bitwarden[ \\t]'"
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actionban = '<iptables> -I f2b-bitwarden 1 -s <ip> -j <blocktype>'
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actionunban = '<iptables> -D f2b-bitwarden -s <ip> -j <blocktype>'
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set name = 'bitwarden'
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-allports'
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-03-09 23:43:04,737 fail2ban.CommandAction [1]: DEBUG Set port = 'ssh'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'DROP'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables <lockingopt>'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'DROP'
2020-03-09 23:43:04,738 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables <lockingopt>'
2020-03-09 23:43:04,739 fail2ban.jail [1]: DEBUG Starting jail 'bitwarden'
2020-03-09 23:43:04,739 fail2ban.filterpyinotif [1]: DEBUG [bitwarden] filter started (pyinotifier)
2020-03-09 23:43:04,741 fail2ban.jail [1]: INFO Jail 'bitwarden' started
2020-03-09 23:43:04,741 fail2ban.transmitter [1]: DEBUG Status: ready
2020-03-09 23:44:37,877 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 64
2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x100 name=db.sqlite3-wal wd=1 >
2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x100 name=db.sqlite3-shm wd=1 >
2020-03-09 23:44:37,878 fail2ban.filterpyinotif [1]: DEBUG Ignoring creation of /bitwarden/db.sqlite3-wal we do not monitor
2020-03-09 23:44:37,879 fail2ban.filterpyinotif [1]: DEBUG Ignoring creation of /bitwarden/db.sqlite3-shm we do not monitor
2020-03-09 23:44:38,609 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 23:44:38,609 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 23:44:38,615 fail2ban.filter [1]: DEBUG Processing line with time:1583793878.0 and ip:80.XX.XX.XX
2020-03-09 23:44:38,623 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:38
2020-03-09 23:44:38,623 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 1. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
2020-03-09 23:44:41,327 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 23:44:41,328 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 23:44:41,329 fail2ban.filter [1]: DEBUG Processing line with time:1583793881.0 and ip:80.XX.XX.XX
2020-03-09 23:44:41,329 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:41
2020-03-09 23:44:41,329 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 2. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:2
2020-03-09 23:44:44,949 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 23:44:44,949 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 23:44:44,950 fail2ban.filter [1]: DEBUG Processing line with time:1583793884.0 and ip:80.XX.XX.XX
2020-03-09 23:44:44,950 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:44
2020-03-09 23:44:44,951 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 3. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:3
2020-03-09 23:44:47,829 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 23:44:47,830 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 23:44:47,831 fail2ban.filter [1]: DEBUG Processing line with time:1583793887.0 and ip:80.XX.XX.XX
2020-03-09 23:44:47,831 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:47
2020-03-09 23:44:47,831 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 4. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:4
2020-03-09 23:44:48,066 fail2ban.actions [1]: NOTICE [bitwarden] Ban 80.XX.XX.XX
2020-03-09 23:44:48,066 fail2ban.observer [1]: DEBUG [bitwarden] Observer: ban found 80.XX.XX.XX, 6400
2020-03-09 23:44:48,078 fail2ban.utils [1]: DEBUG 7fb73a032240 -- returned successfully 0
2020-03-09 23:44:48,087 fail2ban.utils [1]: DEBUG 7fb739a17a40 -- returned successfully 0
2020-03-09 23:44:48,095 fail2ban.utils [1]: DEBUG 7fb739a17ab0 -- returned successfully 0
2020-03-09 23:44:48,096 fail2ban.actions [1]: DEBUG Banned 1 / 1, 1 ticket(s) in 'bitwarden'
2020-03-09 23:44:55,188 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-03-09 23:44:55,189 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-03-09 23:44:55,190 fail2ban.filter [1]: DEBUG Processing line with time:1583793895.0 and ip:80.XX.XX.XX
2020-03-09 23:44:55,190 fail2ban.filter [1]: INFO [bitwarden] Found 80.XX.XX.XX - 2020-03-09 23:44:55
2020-03-09 23:44:55,191 fail2ban.failmanager [1]: DEBUG Total # of detected failures: 5. Current failures from 1 IPs (IP:count): 80.XX.XX.XX:1
from docker-fail2ban.
@sosandroid Can you post all config files without sensitive values? (docker-compose.yml
, .env
, jails
, actions
, etc..). And also, is Bitwarden deployed through Docker? If so you have to use DOCKER-USER
as F2B_IPTABLES_CHAIN
.
from docker-fail2ban.
Hello,
From your request I realized I did not used any docker-compose.yml
file. I used the Synology GUI instead. Before replying, I wanted to test using a proper docker-compose.yml
.
To respond the question about Bitwarden, I am using it through Docker with bitwardenrs/server:latest
image
Here we go with a working solution on Synology:
Modifying the REJECT
command to DROP
by adding action.d/iptables-common.local
. The first one is not suppoted by iptables on Synology
[Init]
blocktype = DROP
[Init?family=inet6]
blocktype = DROP
Setting the filter : filter.d/bitwarden.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =
Setting jail jail.d/bitwarden.conf
[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.0.0/22
bantime = 6400
findtime = 86400
maxretry = 4
backend = auto
action = iptables-allports[name=bitwarden]
#action = route
[bitwarden]
enabled = true
port = 80,81,443,8081
filter = bitwarden
logpath = /bitwarden/bitwarden.log
Last but not least, the docker-compose.yml
version: '3'
services:
fail2ban:
container_name: fail2ban
restart: always
image: crazymax/fail2ban:latest
environment:
- TZ=Europe/Paris
- F2B_DB_PURGE_AGE=30d
- F2B_LOG_TARGET=/data/fail2ban.log
- F2B_LOG_LEVEL=DEBUG
- F2B_IPTABLES_CHAIN=INPUT
volumes:
- /volumeX/docker/fail2ban:/data
- /volumeX/docker/bw-data:/bitwarden:ro
network_mode: "host"
privileged: true
cap_add:
- NET_ADMIN
- NET_RAW
The issue was about adding capabilities NET_ADMIN and NET_RAW according to my understanding. The Synology's Docker GUI does not allow such settings.
from docker-fail2ban.
Closed
from docker-fail2ban.
Full solution pushed there : https://github.com/sosandroid/docker-fail2ban-synology
from docker-fail2ban.
Related Issues (20)
- Sendmail "wrong parameters" issue , always the first time execution of "sendmail" command,second try always okay. HOT 1
- Consider adding mail standalone feature HOT 1
- pip binary is missing, trying to `apk add py3-pip` breaks HOT 1
- [Feature Request] Add AbuseIPDB API integration
- [Feature Request] Add AbuseIPDB API integration HOT 1
- Can't send SMTP emails HOT 1
- F2B_DB_PURGE_AGE in examples is bogus HOT 2
- Help I banned my WAN IP and Unbanning command did not work HOT 1
- Is it possible to support Webhook? HOT 1
- Warning message is always triggered: already exists and will be overriden HOT 1
- Input chain not working sshd
- How to configure SSMTP if smtp server no authentication is required
- Disable: WARNING Unable to find a corresponding IP address for fail2ban: [Errno -2] Name does not resolve HOT 4
- Functionality for PUID/PGID
- System slowdown after more than 1 day of operation
- How to custom dockerfile to run container?
- Fail2ban docker not banning even if it says "already banned" HOT 3
- Subdomain access not blocked
- docker-fail2ban:1.1.0 compatibility issue with Synology HOT 9
- add linux/arm/v8 image HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker-fail2ban.