linuxserver / fail2ban-confs

These confs are pulled into our fail2ban image: https://github.com/linuxserver/docker-fail2ban
GNU General Public License v3.0
39 stars 12 forks source link

Do these configs proactively block UDP by default? #26

Open eiqnepm opened 2 months ago

eiqnepm commented 2 months ago

I am using HTTPS/3 for my reverse proxy, I have noticed that new attempts to visit the site are blocked, but existing connections are still able to attempt logins. Could this be because these configs aren't proactively blocking the existing TCP and or UDP connections?

jail.local

```ini [DEFAULT] # "bantime.increment" allows to use database for searching of previously banned ip's to increase a # default ban time bantime.increment = true # "bantime.maxtime" is the max number of seconds using the ban time can reach (doesn't grow further) bantime.maxtime = 5w # "bantime.factor" is a coefficient to calculate exponent growing of the formula or common multiplier bantime.factor = 24 # "bantime" is the number of seconds that a host is banned. bantime = 1h # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 24h # "maxretry" is the number of failures before a host get banned. maxretry = 5 # Prevents banning LAN subnets ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 [vaultwarden-auth] # configuration inherits from jail.d/vaultwarden-auth.conf enabled = true chain = DOCKER-USER [homeassistant-auth] # configuration inherits from jail.d/homeassistant-auth.conf enabled = true chain = DOCKER-USER port = http,https ```

eiqnepm commented 2 months ago

I changed protocol to all and banaction to all ports and the issue is resolved, I assume the prior did the trick as I assume HTTP/3 wasn't being blocked on the default config.