github-actions[bot]
commented
1 year ago Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
Closed mtrolley closed 9 months ago
github-actions[bot]
commented
1 year ago Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.
sambartik
commented
1 year ago I think it might be because the docker fail2ban uses the legacy version of iptables. You can verify that there is no f2b entries when checking iptables -L, whereas iptables-legacy -L shows the f2b's entries. The iptables-legacy in fact did not have any of the docker chains.
mtrolley
commented
1 year ago Hi @sambartik, sorry I'm not super familiar with iptables or fail2ban. Are you asking me to try something, or suggesting a possible cause for the problem?
sambartik
commented
1 year ago Hey there, Trolley. I was trying to provide more information to help resolve this issue, but unfortunately, I am not that familiar with iptables or fail2ban as well.
dgrzjohn
commented
1 year ago I am having the same issue. Setting chain = FORWARD seems to drop requests properly. The DOCKER-USER chain does exist on the host.
2023-05-06 16:16:57,149 7FB8FA9B20 ERROR 7fba20b4c0 -- exec: { iptables -w -C f2b-nginx-deny -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nginx-deny || true; iptables -w -A f2b-nginx-deny -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports http,https -j f2b-nginx-deny >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports http,https -j f2b-nginx-deny; }
done
2023-05-06 16:16:57,150 7FB8FA9B20 ERROR 7fba20b4c0 -- stderr: 'iptables: No chain/target/match by that name.'
2023-05-06 16:16:57,150 7FB8FA9B20 ERROR 7fba20b4c0 -- returned 1
2023-05-06 16:16:57,151 7FB8FA9B20 ERROR Failed to execute ban jail 'nginx-deny' action 'iptables-multiport' info 'ActionInfo({'ip': 'x.x.x.x', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fba1988b0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fba198f70>})': Error starting action Jail('nginx-deny')/iptables-multiport: 'Script error'
I gave up on this container but copied the filter and jail config files to the Ubuntu host to run fail2ban directly on the host and it works there.
github-actions[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.
silmarine
commented
1 year ago This is also not working for me. I am currently just using the route action that sets an unknown route for the banned IP and that works but it totally bans the IP instead of just that IP on the application/port number.
github-actions[bot]
commented
11 months ago This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.
github-actions[bot]
commented
8 months ago This issue is locked due to inactivity
Is there an existing issue for this?
Current Behavior
I set up my
jail.localto ban failed login attempts to my LSIOopenssh-serverby adding this:When a brute force attempt was detected
fail2bantried to block the IP but the log shows it failed:If I run the first command listed with exec manually when logged into the container as
rootit succeeds though:Then on the host:
Expected Behavior
The command should succeed to ban the IP.
Steps To Reproduce
Set up
fail2bancontainer withjail.locallike:Environment
CPU architecture
x86-64
Docker creation
Container logs