Closed mtrolley closed 9 months ago
Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
I think it might be because the docker fail2ban uses the legacy version of iptables. You can verify that there are no f2b entries when checking `iptables -L`, whereas `iptables-legacy -L` shows the f2b's entries. The iptables-legacy in fact did not have any of the docker chains.
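As an added example (not code from the issue or from the linuxserver project), a small POSIX shell check in the spirit of the comment above: it classifies an `iptables -S` listing by whether the `DOCKER-USER` chain and any `f2b-` chains are visible, so you can compare what each backend binary (`iptables`, `iptables-nft`, `iptables-legacy`) actually sees from inside the container and from the host. The sample listing it runs on is constructed.

```shell
#!/bin/sh
# Added example, not from the issue. fail2ban's iptables-multiport action
# inserts a jump into DOCKER-USER. If the iptables binary in the container
# talks to a different backend (nft vs legacy) than the one Docker programmed,
# that chain is not visible and the ban fails with
# "No chain/target/match by that name".

# chains_in LISTING: chain names from `iptables -S` output, i.e. built-in
# policies ("-P INPUT ACCEPT") and user chains ("-N f2b-nginx-deny").
chains_in() {
    printf '%s\n' "$1" | awk '$1 == "-P" || $1 == "-N" { print $2 }'
}

# diagnose LISTING: classify one backend's view of the ruleset.
#   no-docker  DOCKER-USER is missing: not the backend Docker uses
#   no-f2b     DOCKER-USER present, but fail2ban created no chains here
#   ok         both DOCKER-USER and at least one f2b- chain are visible
diagnose() {
    chains=$(chains_in "$1")
    if ! printf '%s\n' "$chains" | grep -qx 'DOCKER-USER'; then
        echo no-docker
    elif ! printf '%s\n' "$chains" | grep -q '^f2b-'; then
        echo no-f2b
    else
        echo ok
    fi
}

# Constructed listing: what a container sees when its iptables backend is not
# the one Docker used (f2b chain created, DOCKER-USER absent).
SAMPLE_CONTAINER='-P INPUT ACCEPT
-P FORWARD ACCEPT
-N f2b-nginx-deny
-A f2b-nginx-deny -j RETURN'
echo "constructed container listing: $(diagnose "$SAMPLE_CONTAINER")"

# Compare every backend binary present on this machine (needs root to list).
for cmd in iptables iptables-nft iptables-legacy; do
    if command -v "$cmd" >/dev/null 2>&1; then
        listing=$("$cmd" -w -S 2>/dev/null) || listing=''
        echo "$cmd: $(diagnose "$listing")"
    fi
done
```

A backend that reports `no-docker` from inside the container while the host reports `ok` is the mismatch described in the comment; a backend reporting `no-f2b` is the one Docker uses but fail2ban is not talking to.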
Hi @sambartik, sorry I'm not super familiar with iptables or fail2ban. Are you asking me to try something, or suggesting a possible cause for the problem?
Hey there, Trolley. I was trying to provide more information to help resolve this issue, but unfortunately, I am not that familiar with iptables or fail2ban either.
I am having the same issue. Setting `chain = FORWARD` seems to drop requests properly. The `DOCKER-USER` chain does exist on the host.
```
2023-05-06 16:16:57,149 7FB8FA9B20 ERROR 7fba20b4c0 -- exec: { iptables -w -C f2b-nginx-deny -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nginx-deny || true; iptables -w -A f2b-nginx-deny -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports http,https -j f2b-nginx-deny >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports http,https -j f2b-nginx-deny; }
done
2023-05-06 16:16:57,150 7FB8FA9B20 ERROR 7fba20b4c0 -- stderr: 'iptables: No chain/target/match by that name.'
2023-05-06 16:16:57,150 7FB8FA9B20 ERROR 7fba20b4c0 -- returned 1
2023-05-06 16:16:57,151 7FB8FA9B20 ERROR Failed to execute ban jail 'nginx-deny' action 'iptables-multiport' info 'ActionInfo({'ip': 'x.x.x.x', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fba1988b0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fba198f70>})': Error starting action Jail('nginx-deny')/iptables-multiport: 'Script error'
```
I gave up on this container but copied the filter and jail config files to the Ubuntu host to run fail2ban directly on the host, and it works there.
This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.
This is also not working for me. I am currently just using the route action that sets an unknown route for the banned IP, and that works, but it totally bans the IP instead of just that IP on the application/port number.
This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.
This issue is locked due to inactivity
Is there an existing issue for this?
Current Behavior
I set up my `jail.local` to ban failed login attempts to my LSIO `openssh-server` by adding this:

When a brute force attempt was detected `fail2ban` tried to block the IP but the log shows it failed:

If I run the first command listed with exec manually when logged into the container as `root` it succeeds though:

Then on the host:
Expected Behavior
The command should succeed to ban the IP.
Steps To Reproduce
Set up `fail2ban` container with `jail.local` like:

Environment
CPU architecture
x86-64
Docker creation
Container logs