Closed sblantipodi closed 7 months ago
I have seen that the ban rules are inserted in iptables-legacy and not in iptables. I can't use iptables-legacy as the default since some other containers need iptables nft.
Does this image work with iptables-nft?
If yes, can I use both the REJECT rules from iptables nft and iptables legacy at the same time? If yes, why does this line REJECT all -- mob-myIP.net.vodafone.it anywhere reject-with icmp-port-unreachable not block my connection?
I switched to iptables-legacy just to give it a try...
update-alternatives --config ip6tables
update-alternatives --config iptables
Rebooted the system.
iptables -L shows that the IP is correctly banned, but I have no problem accessing my site...
Chain f2b-HASS (1 references)
target prot opt source destination
REJECT all -- 176.myip.0.0 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
I solved it by adding the DOCKER chain in the correct jail.
Support guidelines
I've found a bug and checked that ...
Description
Fail2ban docker not banning even if it says "already banned".
Expected behaviour
Ban the IP. This is the fail2ban.log:
Fail2ban docker not banning even if it says "already banned"
Actual behaviour
No banned IP address when I run this command: iptables -L
Steps to reproduce
Just run fail2ban on Docker...
Docker info
Docker Compose config
Logs
but it still does not block the connection...
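
A read-only check for the symptom in this issue, as an added example that is not part of the original thread or the image's own code: a ban can be listed in an f2b chain yet never see traffic to a published container port, because that traffic is forwarded rather than delivered to INPUT. The ruleset text is constructed `iptables -S` output, the address is a documentation IP, and using DOCKER-USER as the hook point is an assumption (the post only says "the DOCKER chain").

```python
import re
from collections import defaultdict

# Constructed `iptables -S` output: the ban exists, but only INPUT jumps to it.
SAMPLE_INPUT_ONLY = """\
-N DOCKER
-N DOCKER-USER
-N f2b-HASS
-A INPUT -p tcp -j f2b-HASS
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER-USER -j RETURN
-A f2b-HASS -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HASS -j RETURN
"""
# Same ruleset after the jail's chain is moved so forwarded traffic hits it
# (DOCKER-USER as the hook point is an assumption for this example).
SAMPLE_FORWARDED = SAMPLE_INPUT_ONLY.replace(
    "-A INPUT -p tcp -j f2b-HASS", "-A DOCKER-USER -p tcp -j f2b-HASS")

RULE = re.compile(r"^-A (\S+)(?: .*?)? (?:-j|-g) (\S+)")

def jump_graph(rules_text):
    """Map each chain to the set of chains/targets its rules jump to."""
    graph = defaultdict(set)
    for line in rules_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            graph[m.group(1)].add(m.group(2))
    return graph

def entry_points(rules_text, chain):
    """Return the built-in filter chains from which `chain` is reachable."""
    graph = jump_graph(rules_text)
    found = set()
    for builtin in ("INPUT", "FORWARD", "OUTPUT"):
        seen, stack = set(), [builtin]
        while stack:
            cur = stack.pop()
            if cur == chain:
                found.add(builtin)
                break
            if cur not in seen:
                seen.add(cur)
                stack.extend(graph.get(cur, ()))
    return found

def covers_containers(rules_text, chain):
    """Published container ports are forwarded, so FORWARD must reach the chain."""
    return "FORWARD" in entry_points(rules_text, chain)
```

On a real host, feed it the output of `iptables -S` from the same backend (legacy or nft) that holds the f2b chain.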