Coder Social home page Coder Social logo

Comments (5)

gauth-fr avatar gauth-fr commented on June 26, 2024 1

Well, i've just tried with chain = DOCKER-USER and it worked, so it's even simpler thanks!

Regarding the network mode, it doesn't change whatever is the default chain.

if it helps here is my docker-compose, which works with input and docker-user, and is just using what in the example folder:


services:
  fail2ban-input:
    image: crazymax/fail2ban:latest
    container_name: fail2ban-input
    network_mode: "host"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - "...config/fail2ban:/data"
      - "/var/log:/var/log:ro"
    environment:
      - "F2B_IPTABLES_CHAIN=INPUT"      
      - "TZ=Europe/Paris"
      - "F2B_LOG_TARGET=/data/fail2ban.log"
      - "F2B_LOG_LEVEL=INFO"
      - "F2B_DB_PURGE_AGE=10w"
    restart: always```

from docker-fail2ban.

alexschomb avatar alexschomb commented on June 26, 2024

Thanks for sharing. Just an untested idea: Wouldn't this work as well?

# jail.d/traefik.conf
[traefik-auth]
enabled = true
logpath = %(traefik_access_log)s
port = http,https
chain = DOCKER-USER
findtime = 600
maxretry = 3
bantime=1w

[traefik-botsearch]
enabled = true
logpath = %(traefik_access_log)s
maxretry = 1
bantime=4w
port = http,https
chain = DOCKER-USER

Actually, chain = DOCKER-USER is the default in my action.d/iptables-common.conf already. That would mean that you'd only need to set chain = INPUT for host services like sshd. But how about the networking then? I suppose network_mode: host still applies?

from docker-fail2ban.

alexschomb avatar alexschomb commented on June 26, 2024

Great! Thanks for your feedback 👍

from docker-fail2ban.

crazy-max avatar crazy-max commented on June 26, 2024

Hi guys, I will reconsider the implementation and probably remove the F2B_IPTABLES_CHAIN var. Will also fix #17

from docker-fail2ban.

crazy-max avatar crazy-max commented on June 26, 2024

@alexschomb @gauth-fr F2B_IPTABLES_CHAIN env var has been removed and README updated to use chain = <name> def.

from docker-fail2ban.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.