linuxserver / docker-fail2ban

GNU General Public License v3.0

[BUG] fail2ban stopped working a while ago without me knowing #25

Open furian88 opened 5 months ago

furian88 commented 5 months ago

Is there an existing issue for this?

Current Behavior

fail2ban has worked for me for quite a long time, so long that I stopped checking the logs for a while.

Now I can see in the logging that IPs are being banned, as the fail2ban logs say so, but it does not really ban the IP from the host side. I can just keep connecting even though I should be banned.

I can also no longer see the iptables on the Unraid host. (Expected a chain, but it's not there.)

Expected Behavior

No response

Steps To Reproduce

jail:

[authelia-auth]
enabled = true
port = http,80,https,443,9091
protocol = tcp
logpath = %(remote_logs_path)s/authelia/authelia.log
chain = DOCKER-USER
action = iptables-multiport[name=HTTP, port="http,https,9091,4443,18443,8181,7818,8080,1880", protocol=tcp]
action = %(known/action)s
ignoreip = 127.0.0.1/8 ::1 172.18.0.0/16 192.168.0.0/24
bantime = -1
findtime = 24h
maxretry = 1

[nginx-bad-request]
enabled = true
port = http,80,https,443,18443,1880,7818
logpath = %(nginx_access_log)s
chain = DOCKER-USER
action = iptables-multiport[name=HTTP, port="http,https,9091,4443,18443,8181,7818,8080,1880", protocol=tcp]
action = %(known/action)s
ignoreip = 127.0.0.1/8 ::1 172.18.0.0/16 192.168.0.0/24
bantime = -1
findtime = 24h
maxretry = 1

error from logs:

2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- exec: for proto in $(echo 'tcp' | sed 's/,/ /g'); do
iptables -w -D INPUT -p $proto -m multiport --dports http,https,9091,4443,18443,8181,7818,8080,1880 -j f2b-HTTP
done
iptables -w -F f2b-HTTP
iptables -w -X f2b-HTTP
2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- stderr: "iptables v1.8.10 (nf_tables): Chain 'f2b-HTTP' does not exist"
2024-04-05 08:42:11,949 150AA2544B38 ERROR 150aa31018a0 -- stderr: "Try `iptables -h' or 'iptables --help' for more information."
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- stderr: 'iptables: No chain/target/match by that name.'
2024-04-05 08:42:11,950 150AA2544B38 ERROR 150aa31018a0 -- returned 1
2024-04-05 08:42:11,950 150AA2544B38 ERROR Failed to stop jail 'nginx-bad-request' action 'iptables-multiport-f2b-HTTP': Error stopping action Jail('nginx-bad-request')/iptables-multiport-f2b-HTTP: 'Script error'

Environment

- OS: unraid 6.12.10
- How docker service was installed: through apps with repository lscr.io/linuxserver/fail2ban network type host

CPU architecture

x86-64

Docker creation

<?xml version="1.0"?>
<Container version="2">
  <Name>fail2ban</Name>
  <Repository>lscr.io/linuxserver/fail2ban</Repository>
  <Registry>https://github.com/orgs/linuxserver/packages/container/package/fail2ban</Registry>
  <Network>host</Network>
  <MyIP/>
  <Shell>bash</Shell>
  <Privileged>false</Privileged>
  <Support>https://github.com/linuxserver/docker-fail2ban/issues/new/choose</Support>
  <Project>http://www.fail2ban.org/</Project>
  <Overview>Fail2ban(http://www.fail2ban.org/) is a daemon to ban hosts that cause multiple authentication errors.</Overview>
  <Category>Security:</Category>
  <WebUI/>
  <TemplateURL>https://raw.githubusercontent.com/linuxserver/templates/master/unraid/fail2ban.xml</TemplateURL>
  <Icon>https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/fail2ban-logo.png</Icon>
  <ExtraParams>--cap-add=NET_ADMIN --cap-add=NET_RAW</ExtraParams>
  <PostArgs/>
  <CPUset/>
  <DateInstalled>1699788704</DateInstalled>
  <DonateText>Donations</DonateText>
  <DonateLink>https://www.linuxserver.io/donate</DonateLink>
  <Requires/>
  <Config Name="Path: /var/log" Target="/var/log" Default="" Mode="ro" Description="Host logs. Mounted as Read Only." Type="Path" Display="always" Required="true" Mask="false">/var/log</Config>
  <Config Name="Path: /remotelogs/airsonic" Target="/remotelogs/airsonic" Default="" Mode="ro" Description="Optional path to airsonic log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/apache2" Target="/remotelogs/apache2" Default="" Mode="ro" Description="Optional path to apache2 log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/authelia" Target="/remotelogs/authelia" Default="" Mode="ro" Description="Optional path to authelia log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/Authelia/log/</Config>
  <Config Name="Path: /remotelogs/emby" Target="/remotelogs/emby" Default="" Mode="ro" Description="Optional path to emby log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/filebrowser" Target="/remotelogs/filebrowser" Default="" Mode="ro" Description="Optional path to filebrowser log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/homeassistant" Target="/remotelogs/homeassistant" Default="" Mode="ro" Description="Optional path to homeassistant log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/lighttpd" Target="/remotelogs/lighttpd" Default="" Mode="ro" Description="Optional path to lighttpd log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/nextcloud" Target="/remotelogs/nextcloud" Default="" Mode="ro" Description="Optional path to nextcloud log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/vm_pool/Phone/</Config>
  <Config Name="Path: /remotelogs/nginx" Target="/remotelogs/nginx" Default="" Mode="ro" Description="Optional path to nginx log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/NginxProxyManager/log/</Config>
  <Config Name="Path: /remotelogs/nzbget" Target="/remotelogs/nzbget" Default="" Mode="ro" Description="Optional path to nzbget log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/overseerr" Target="/remotelogs/overseerr" Default="" Mode="ro" Description="Optional path to overseerr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/prowlarr" Target="/remotelogs/prowlarr" Default="" Mode="ro" Description="Optional path to prowlarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/radarr" Target="/remotelogs/radarr" Default="" Mode="ro" Description="Optional path to radarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/sabnzbd" Target="/remotelogs/sabnzbd" Default="" Mode="ro" Description="Optional path to sabnzbd log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/binhex-sabnzbd/logs/</Config>
  <Config Name="Path: /remotelogs/sonarr" Target="/remotelogs/sonarr" Default="" Mode="ro" Description="Optional path to sonarr log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/binhex-sonarr/logs/</Config>
  <Config Name="Path: /remotelogs/unificontroller" Target="/remotelogs/unificontroller" Default="" Mode="ro" Description="Optional path to unificontroller log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false"/>
  <Config Name="Path: /remotelogs/vaultwarden" Target="/remotelogs/vaultwarden" Default="" Mode="ro" Description="Optional path to vaultwarden log folder. Mounted as Read Only." Type="Path" Display="always" Required="false" Mask="false">/mnt/cache/appdata/vaultwarden/logs/</Config>
  <Config Name="Verbosity" Target="VERBOSITY" Default="-vv" Mode="{3}" Description="Set the container log verbosity. Valid options are -v, -vv, -vvv, -vvvv, or leaving the value blank or not setting the variable." Type="Variable" Display="always" Required="false" Mask="false">-vv</Config>
  <Config Name="Appdata" Target="/config" Default="/mnt/cache/appdata/fail2ban" Mode="rw" Description="Contains all relevant configuration files." Type="Path" Display="advanced" Required="true" Mask="false">/mnt/cache/appdata/fail2ban</Config>
  <Config Name="PUID" Target="PUID" Default="99" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="true" Mask="false">99</Config>
  <Config Name="PGID" Target="PGID" Default="100" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="true" Mask="false">100</Config>
  <Config Name="UMASK" Target="UMASK" Default="022" Mode="{3}" Description="" Type="Variable" Display="advanced" Required="false" Mask="false">022</Config>
</Container>

Container logs

I removed the restore ban list:

2024-04-05 11:00:37,083 148402BC3B08 INFO  Starting Fail2ban v1.0.2
 2024-04-05 11:00:37,084 14840123BB38 INFO  Observer start...
 2024-04-05 11:00:37,092 148402BC3B08 INFO  Connected to fail2ban persistent database '/config/fail2ban/fail2ban.sqlite3'
 2024-04-05 11:00:37,092 148402BC3B08 INFO  Creating new jail 'authelia-auth'
 2024-04-05 11:00:37,096 148402BC3B08 INFO  Jail 'authelia-auth' uses poller {}
 2024-04-05 11:00:37,096 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,099 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,099 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,099 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,099 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,100 148402BC3B08 INFO  Added logfile: '/remotelogs/authelia/authelia.log' (pos = 2445521, hash = 83446e7634061c0b954df3503fbc3bce64d03e54)
 2024-04-05 11:00:37,100 148402BC3B08 INFO  Creating new jail 'nextcloud-auth'
 2024-04-05 11:00:37,101 148402BC3B08 INFO  Jail 'nextcloud-auth' uses poller {}
 2024-04-05 11:00:37,101 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,102 148402BC3B08 INFO    date pattern `',?\\s*"time"\\s*:\\s*"%Y-%m-%d[T ]%H:%M:%S(%z)?"'`: `,?\s*"time"\s*:\s*"Year-Month-Day[T ]24hour:Minute:Second(Zone offset)?"`
 2024-04-05 11:00:37,102 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,102 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,102 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,102 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Added logfile: '/remotelogs/nextcloud/nextcloud.log' (pos = 5043397, hash = a022d3c3a92bb7dfc50572c126adcee541b6db5f)
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Creating new jail 'nginx-418'
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Jail 'nginx-418' uses poller {}
 2024-04-05 11:00:37,104 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,105 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,105 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,105 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,105 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,108 148402BC3B08 INFO  Creating new jail 'nginx-bad-request'
 2024-04-05 11:00:37,109 148402BC3B08 INFO  Jail 'nginx-bad-request' uses poller {}
 2024-04-05 11:00:37,109 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,109 148402BC3B08 INFO    date pattern `'{^LN-BEG}%ExY(?P<_sep>[-/.])%m(?P=_sep)%d[T ]%H:%M:%S(?:[.,]%f)?(?:\\s*%z)?'`: `{^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?`
 2024-04-05 11:00:37,110 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,110 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,110 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,110 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,111 148402BC3B08 INFO  Creating new jail 'nginx-badbots'
 2024-04-05 11:00:37,112 148402BC3B08 INFO  Jail 'nginx-badbots' uses poller {}
 2024-04-05 11:00:37,112 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,114 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,114 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,114 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,114 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,115 148402BC3B08 INFO  Creating new jail 'nginx-botsearch'
 2024-04-05 11:00:37,116 148402BC3B08 INFO  Jail 'nginx-botsearch' uses poller {}
 2024-04-05 11:00:37,116 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,117 148402BC3B08 INFO    date pattern `'{^LN-BEG}%ExY(?P<_sep>[-/.])%m(?P=_sep)%d[T ]%H:%M:%S(?:[.,]%f)?(?:\\s*%z)?'`: `{^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day[T ]24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?`
 2024-04-05 11:00:37,117 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,117 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,117 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,117 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,119 148402BC3B08 INFO  Creating new jail 'nginx-deny'
 2024-04-05 11:00:37,120 148402BC3B08 INFO  Jail 'nginx-deny' uses poller {}
 2024-04-05 11:00:37,120 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,120 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,120 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,120 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,121 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Creating new jail 'nginx-http-auth'
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Jail 'nginx-http-auth' uses poller {}
 2024-04-05 11:00:37,122 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,123 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,123 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,123 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,123 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,124 148402BC3B08 INFO  Creating new jail 'nginx-limit-req'
 2024-04-05 11:00:37,125 148402BC3B08 INFO  Jail 'nginx-limit-req' uses poller {}
 2024-04-05 11:00:37,125 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,125 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,125 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,125 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,125 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Creating new jail 'nginx-unauthorized'
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Jail 'nginx-unauthorized' uses poller {}
 2024-04-05 11:00:37,127 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,127 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,127 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,128 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,128 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/letsencrypt-requests_access.log' (pos = 0, hash = )
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-10_access.log' (pos = 2172037, hash = 61d88ba30ed2af6b75bcc7a579c87b0612c5ed91)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-11_access.log' (pos = 73438, hash = 1d0721394a79696608903b39b19c51409687ddca)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-16_access.log' (pos = 34946, hash = 047fff10c4b6ab8239b932f1c135477ab4d4c8a2)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-21_access.log' (pos = 69809, hash = 7f3d6c8b8437292f5109e499ba4ec0190dd4e7bd)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-15_access.log' (pos = 375320, hash = 17dfff7aeba0fbe9ba3b2b28625df4abb2260676)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-20_access.log' (pos = 2125, hash = 4b2c0d67128b02d4d204b04b9b146f82207343b2)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/default-host_access.log' (pos = 112081, hash = 3070810110c59dd36acfcd3a27a995e88a4f2767)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/fallback_access.log' (pos = 23896, hash = 8473fec3c4189cbc82279835cce81dbec866dee6)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-12_access.log' (pos = 1245668, hash = 6bc90e6306edf712eaaeaa6ac0fd148573d0fc50)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-17_access.log' (pos = 2281, hash = 01aa3e1c4fe3fe5ad7bcdcd5b1acd8ab46d6ddee)
 2024-04-05 11:00:37,128 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-13_access.log' (pos = 123735, hash = c2cebb8c35c0f8b4379113bb8f0164f31d4dd022)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-18_access.log' (pos = 2819, hash = 1a786b7b0884fefd7c2c8ef62620a9e258e7c405)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-14_access.log' (pos = 3317, hash = ad741a4351ab5876775124faaca6c514222cbf37)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-19_access.log' (pos = 1902, hash = 2efdab895b05ca18b535eedb196930b1b6b9a796)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-22_access.log' (pos = 14786, hash = a652c3e216a2c89ef20a5dacb439b71a2a4f23a4)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Added logfile: '/remotelogs/nginx/proxy-host-23_access.log' (pos = 29212, hash = a5b634b17befa19f13a71ec2a5c7d7ed8842c0cc)
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Creating new jail 'sabnzbd-auth'
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Jail 'sabnzbd-auth' uses poller {}
 2024-04-05 11:00:37,129 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,131 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,131 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,131 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,131 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,131 148402BC3B08 INFO  Added logfile: '/remotelogs/sabnzbd/sabnzbd.log' (pos = 4682000, hash = ccefcec35cec82d8245c43d57aaae13cc9d5ef31)
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Creating new jail 'sonarr-auth'
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Jail 'sonarr-auth' uses poller {}
 2024-04-05 11:00:37,132 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,132 148402BC3B08 INFO    maxRetry: 2
 2024-04-05 11:00:37,132 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,132 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,133 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Added logfile: '/remotelogs/sonarr/sonarr.txt' (pos = 895236, hash = 8a3c6d82d13943f5376372b8070f5b7367b4c41e)
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Creating new jail 'vaultwarden-auth'
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Jail 'vaultwarden-auth' uses poller {}
 2024-04-05 11:00:37,133 148402BC3B08 INFO  Initiated 'polling' backend
 2024-04-05 11:00:37,134 148402BC3B08 INFO    maxRetry: 1
 2024-04-05 11:00:37,134 148402BC3B08 INFO    findtime: 86400
 2024-04-05 11:00:37,134 148402BC3B08 INFO    banTime: -1
 2024-04-05 11:00:37,134 148402BC3B08 INFO    encoding: UTF-8
 2024-04-05 11:00:37,134 148402BC3B08 INFO  Added logfile: '/remotelogs/vaultwarden/vaultwarden.log' (pos = 7486, hash = f8e87372fda584c23d4dbbf23b3f6605dac62209)
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Found a match but no valid date/time found for ''.
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Match without a timestamp: {"error":"user not found","level":"error","method":"POST","msg":"Unsuccessful 1FA authentication attempt by user 'jhjhjhj'","path":"/api/firstfactor","remote_ip":"31.132.200.11","stack":[{"File":"github.com/authelia/authelia/v4/internal/handlers/response.go","Line":275,"Name":"markAuthenticationAttempt"},{"File":"github.com/authelia/authelia/v4/internal/handlers/handler_firstfactor.go","Line":52,"Name":"handleRouter.FirstFactorPOST.func10"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/bridge.go","Line":54,"Name":"handleRouter.(*BridgeBuilder).Build.func5.1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":65,"Name":"SecurityHeadersCSPNone.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":91,"Name":"SecurityHeadersNoStore.func1"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/headers.go","Line":30,"Name":"SecurityHeadersBase.func1"},{"File":"github.com/fasthttp/router@v1.5.0/router.go","Line":441,"Name":"(*Router).Handler"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/log_request.go","Line":14,"Name":"handleRouter.LogRequest.func40"},{"File":"github.com/authelia/authelia/v4/internal/middlewares/errors.go","Line":38,"Name":"RecoverPanic.func1"},{"File":"github.com/valyala/fasthttp@v1.52.0/server.go","Line":2374,"Name":"(*Server).serveConn"},{"File":"github.com/valyala/fasthttp@v1.52.0/workerpool.go","Line":224,"Name":"(*workerPool).workerFunc"},{"File":"github.com/valyala/fasthttp@v1.52.0/workerpool.go","Line":196,"Name":"(*workerPool).getCh.func1"},{"File":"runtime/asm_amd64.s","Line":1695,"Name":"goexit"}],"time":"2024-04-05T09:15:00+02:00"}
 2024-04-05 11:00:37,142 148400D19B38 WARNI [authelia-auth] Please try setting a custom date pattern (see man page jail.conf(5)).
 2024-04-05 11:00:37,196 148402BC3B08 INFO  Jail 'authelia-auth' started
 2024-04-05 11:00:37,197 148402BC3B08 INFO  Jail 'nextcloud-auth' started
 2024-04-05 11:00:37,198 148402BC3B08 INFO  Jail 'nginx-418' started
 2024-04-05 11:00:37,229 1483FFBD0B38 INFO  [nginx-bad-request] Found 185.161.248.148 - 2024-04-05 09:18:53
 2024-04-05 11:00:37,230 1483FFBD0B38 INFO  [nginx-bad-request] Found 167.94.138.125 - 2024-04-05 09:36:34
 2024-04-05 11:00:37,237 148402BC3B08 INFO  Jail 'nginx-bad-request' started
 2024-04-05 11:00:37,239 148402BC3B08 INFO  Jail 'nginx-badbots' started
 2024-04-05 11:00:37,240 148402BC3B08 INFO  Jail 'nginx-botsearch' started
 2024-04-05 11:00:37,241 148402BC3B08 INFO  Jail 'nginx-deny' started
 2024-04-05 11:00:37,243 148402BC3B08 INFO  Jail 'nginx-http-auth' started
 2024-04-05 11:00:37,244 148402BC3B08 INFO  Jail 'nginx-limit-req' started
 2024-04-05 11:00:37,248 148402BC3B08 INFO  Jail 'nginx-unauthorized' started
 2024-04-05 11:00:37,250 148402BC3B08 INFO  Jail 'sabnzbd-auth' started
 2024-04-05 11:00:37,258 148402BC3B08 INFO  Jail 'sonarr-auth' started
 2024-04-05 11:00:37,259 148402BC3B08 INFO  Jail 'vaultwarden-auth' started
github-actions[bot] commented 5 months ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

furian88 commented 5 months ago

in the console of fail2ban docker i can see these rules:

none of this is however visible on the host (also no chain)

-A f2b-HTTP -s 13.40.99.210/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.221.188/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.73.230/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.218.4/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.73.139/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 176.53.217.203/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.72.216/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 174.246.165.63/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 13.40.48.157/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-HTTP -s 174.218.225.78/32 -j REJECT --reject-with icmp-port-unreachable

mac-lucky commented 5 months ago

+1

danielaranki commented 4 months ago

I suspect that the rebase to Alpine 3.19 a couple of months ago may have caused this.

According to https://www.alpinelinux.org/posts/Alpine-3.19.0-released.html

iptables-nft is now the default iptables backend.

Whereas unraid uses iptables-legacy as the default iptables backend. So unraid's docker (host) populates the DOCKER-USER chain (and others) in the -legacy backend. On the other hand, fail2ban now tries to manipulate the iptables-nft backend, which does not contain the DOCKER-USER chain, so the rules/chains are broken in fail2ban.

As a test, I tried installing iptables-legacy inside the fail2ban container:

docker exec -it fail2ban apk add iptables-legacy

then changed the jail.local to use it:

banaction = iptables-multiport[iptables=iptables-legacy]

and now things are working again.

Of course this is not a permanent solution (since an update to the docker image would again remove iptables-legacy), but just a test to confirm my suspicions.
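A diagnostic for the backend mismatch described in the comment above, added here as an example; it is not code from the thread or from the linuxserver image. It assumes both `iptables-nft` and `iptables-legacy` binaries are installed where it runs, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether the backend used by the default `iptables`
# command is the one that actually holds the chain fail2ban inserts into.

# Map `iptables -V` output to a backend name. iptables 1.8+ prints e.g.
# "iptables v1.8.10 (nf_tables)" or "iptables v1.8.9 (legacy)".
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print the backends (nft, legacy) whose filter table contains chain $1.
# Assumption: the per-backend binaries are named iptables-nft / iptables-legacy.
chain_backends() {
    found=""
    for b in nft legacy; do
        if command -v "iptables-$b" >/dev/null 2>&1 &&
           "iptables-$b" -S "$1" >/dev/null 2>&1; then
            found="$found $b"
        fi
    done
    echo "${found# }"
}

# $1 = output of `iptables -V`, $2 = space-separated backends holding the chain.
diagnose() {
    active=$(backend_of "$1")
    case " $2 " in
        *" $active "*) echo "ok: $active holds the chain" ;;
        "  ")          echo "missing: chain not found in any backend" ;;
        *)             echo "mismatch: iptables uses $active, chain is in $2" ;;
    esac
}

# Live check; the chain name defaults to the one used in the jails above.
chain=${1:-DOCKER-USER}
diagnose "$(iptables -V 2>/dev/null)" "$(chain_backends "$chain")"
```

A `mismatch` result corresponds to the situation in this issue: fail2ban logs bans, but its rules land in a backend that the host's Docker chains do not use.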

cheuer commented 4 months ago

Facing the same issue in Unraid 6.12.4, so I have rolled back to the 1.0.2-r2-ls60 release before the rebase to Alpine 3.19 and this seems to have fixed it. To do this set the repository to ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60.

Hopefully it can be addressed in a future release.

LinuxServer-CI commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

diggerydoo commented 3 months ago

Facing the same issue in Unraid 6.12.4, so I have rolled back to the 1.0.2-r2-ls60 release before the rebase to Alpine 3.19 and this seems to have fixed it. To do this set the repository to ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60.

Hopefully it can be addressed in a future release.

I seem to still be having this same issue in ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60. Ban detection works but actual ban action doesn't seem to add any rules to iptables. Any ideas?

Snippet of error from fail2ban.log:

2024-06-22 22:40:18,864 14908166CB38 NOTIC [authelia-auth] Ban <redacted IP>
2024-06-22 22:40:18,868 14908166CB38 ERROR 1490818e0990 -- exec: { iptables -w -C f2b-authelia-auth -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-authelia-auth || true; iptables -w -A f2b-authelia-auth -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports http,https,9091 -j f2b-authelia-auth >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports http,https,9091 -j f2b-authelia-auth; }
done
2024-06-22 22:40:18,869 14908166CB38 ERROR 1490818e0990 -- stderr: 'iptables: No chain/target/match by that name.'
2024-06-22 22:40:18,869 14908166CB38 ERROR 1490818e0990 -- returned 1
2024-06-22 22:40:18,869 14908166CB38 ERROR Failed to execute ban jail 'authelia-auth' action 'iptables-multiport' info 'ActionInfo({'ip': '<redacted IP>', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x14908266f420>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x14908266fba0>})': Error starting action Jail('authelia-auth')/iptables-multiport: 'Script error'

jail: authelia-auth

[authelia-auth]

enabled  = false
port     = http,https,9091
logpath  = %(remote_logs_path)s/authelia/authelia.log

Snippet from jail.local

[authelia-auth]
enabled = true
chain = DOCKER-USER
action = %(known/action)s

Docker Run

docker run \
  -d \
  --name='fail2ban' \
  --net='customzone' \
  -e TZ="UTC" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="<redacted>" \
  -e HOST_CONTAINERNAME="fail2ban" \
  -e 'VERBOSITY'='-vv' \
  -e 'PUID'='99' \
  -e 'PGID'='100' \
  -e 'UMASK'='022' \
  -l net.unraid.docker.managed=dockerman \
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/fail2ban-logo.png' \
  -v '/var/log/':'/var/log':'ro' \
  -v '/mnt/user/appdata/Authelia/logs/':'/remotelogs/authelia':'ro' \
  -v '/mnt/user/appdata/Nginx-Proxy-Manager-Official/data/logs/':'/remotelogs/nginx':'ro' \
  -v '/mnt/user/appdata/fail2ban':'/config':'rw' \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW 'ghcr.io/linuxserver/fail2ban:1.0.2-r2-ls60'
LinuxServer-CI commented 2 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

klack commented 2 months ago

This issue should probably stay open...

LinuxServer-CI commented 4 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

cheuer commented 3 weeks ago

This issue is still not resolved, this bot is unhelpful.