mshaik (Author), posted November 1, 2021

Finally I am able to ban IPs using fail2ban-docker, npm-docker and emby-docker.

1. Create a folder fail2ban and create the docker-compose.yml, adding the following code:

```
version: "3.7"

services:
  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban_docker
    network_mode: "host"
    environment:
      - TZ=US/Eastern
      - F2B_LOG_TARGET=STDOUT
      - F2B_LOG_LEVEL=INFO
      - F2B_DB_PURGE_AGE=1d
    cap_add:
      - NET_ADMIN
      - NET_RAW
    volumes:
      - "path/to/storage/fail2ban/data:/data"
      - "path/to/storage/fail2ban/log/:/var/log/"
      - "path/to/storage/nginxproxymanager/AppData/data/logs:/log/npm/:ro"
      - "path/to/storage/emby/logs:/log/emby/:ro"
    restart: unless-stopped
```

2. In the fail2ban/data/ folder you created in your storage, create action.d, jail.d, filter.d folders and copy the files in the corresponding folder of git into them, i.e. jail.d will have npm-docker.local, emby.local; filter.d will have npm-docker.conf, emby.conf; and filter.d will have docker-action.conf, emby-action.conf respectively.

Folder: fail2ban/data/jail.d

npm-docker.local

```
[npm-docker]
enabled = true
ignoreip = 127.0.0.1/8 192.168.1.0/24
logpath = /log/npm/default-host_*.log
          /log/npm/proxy-host-*.log
maxretry = 3
bantime = 86400
findtime = 60
action = docker-action
```

emby.local

```
[emby]
enabled = true
logpath = /log/emby/embyserver.txt
# your local IP subnets
ignoreip = 127.0.0.1/8 192.168.1.0/24
maxretry = 3
bantime = 84600
findtime = 60
# must match the file name action.d/emby-action.conf
action = emby-action
```

Folder: fail2ban/data/filter.d

emby.conf

```
[INCLUDES]

[Definition]
failregex = Response.4\d\d.to <HOST>.+ Time
            AUTH-ERROR: <HOST>.+-
```

npm-docker.conf

```
[INCLUDES]

[Definition]
failregex = ^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$
            ^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$
```

Folder: fail2ban/data/action.d

docker-action.conf

```
[Definition]

actionstart = iptables -N f2b-npm-docker
              iptables -A f2b-npm-docker -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker

actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
             iptables -F f2b-npm-docker
             iptables -X f2b-npm-docker

actioncheck = iptables -n -L FORWARD | grep -q 'f2b-npm-docker[ \t]'

actionban = iptables -I f2b-npm-docker -s <ip> -j DROP

actionunban = iptables -D f2b-npm-docker -s <ip> -j DROP
```

emby-action.conf

```
# The chain name must be the same in every command (f2b-emby).
[Definition]

actionstart = iptables -N f2b-emby
              iptables -A f2b-emby -j RETURN
              iptables -I FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-emby

actionstop = iptables -D FORWARD -p tcp -m multiport --dports 0:65535 -j f2b-emby
             iptables -F f2b-emby
             iptables -X f2b-emby

actioncheck = iptables -n -L FORWARD | grep -q 'f2b-emby[ \t]'

actionban = iptables -I f2b-emby -s <ip> -j DROP

actionunban = iptables -D f2b-emby -s <ip> -j DROP
```

3. Once these are set, run the docker compose and check if the container is up and running or not.

Solution: It's setting a custom action to ban and unban and also using iptables FORWARD, from FORWARD to f2b-npm-docker, f2b-emby, which is more about configuring the Docker network. My Docker containers are all in the FORWARD chain network; you can change FORWARD to DOCKER-USER or INPUT according to your Docker containers' network.

I used the following guides to finally come up with this:

https://github.com/jc21/nginx-proxy-manager/issues/39#issuecomment-907795521 - setup

https://www.the-lazy-dev.com/en/install-fail2ban-with-docker/ - iptables commands etc.

Hope this helps someone like me who is trying to solve the issues they face with fail2ban and Docker networks.
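Added example, not part of the original post: a Python dry run of the failregex lines above against constructed log lines, showing which IPs would reach maxretry before the jails go live. It assumes an IPv4-only stand-in for `<HOST>`, matches the raw line (fail2ban removes the timestamp before matching) and does not model findtime; `fail2ban-regex` inside the container remains the authoritative check.

```python
import ipaddress
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# failregex lines copied from the filter.d files in the post.
FILTERS = {
    "npm-docker": [r'^<HOST>.+" (4\d\d|3\d\d) (\d\d\d|\d) .+$',
                   r'^.+ 4\d\d \d\d\d - .+ \[Client <HOST>\] \[Length .+\] ".+" .+$'],
    "emby": [r"Response.4\d\d.to <HOST>.+ Time", r"AUTH-ERROR: <HOST>.+-"],
}
# ignoreip and maxretry as set in the post's jail.d files.
IGNOREIP = [ipaddress.ip_network(n, strict=False) for n in ("127.0.0.1/8", "192.168.1.0/24")]
MAXRETRY = 3

def failed_host(jail, line):
    """Return the IP captured by the first matching failregex, else None."""
    for rx in FILTERS[jail]:
        m = re.search(rx.replace("<HOST>", HOST), line)
        if m:
            return m.group("host")
    return None

def would_ban(jail, lines):
    """IPs with at least MAXRETRY matching lines that ignoreip does not cover."""
    hits = Counter()
    for line in lines:
        ip = failed_host(jail, line)
        if ip and not any(ipaddress.ip_address(ip) in net for net in IGNOREIP):
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= MAXRETRY)

# Constructed sample log lines: remote failures, an ignored local client, one 200.
TS = "[01/Nov/2021:10:00:00 -0400]"
NPM_SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /admin HTTP/1.1" 404 150 "-" "curl/7.68.0"',
    f'203.0.113.7 - - {TS} "GET /login HTTP/1.1" 403 150 "-" "curl/7.68.0"',
    f'{TS} - 404 404 - GET https media.example.com "/x" [Client 203.0.113.7] '
    '[Length 150] [Gzip -] [Sent-to 192.168.1.10] "curl/7.68.0" "-"',
    # Three plain redirects: the 3\d\d branch counts these as failures too.
    *[f'198.51.100.4 - - {TS} "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0"'] * 3,
    *[f'192.168.1.50 - - {TS} "GET /nope HTTP/1.1" 404 150 "-" "Mozilla/5.0"'] * 3,
    f'198.51.100.9 - - {TS} "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
]
EMBY_SAMPLE = ["2021-11-01 10:00:00.000 Info HttpServer: HTTP Response 401 to "
               "203.0.113.7. Time: 12ms. http://emby.example.com/emby/Users/x"] * 3
if __name__ == "__main__":
    print(would_ban("npm-docker", NPM_SAMPLE), would_ban("emby", EMBY_SAMPLE))
```

The run lists 198.51.100.4 among the npm-docker bans although it only received 301 responses, which is worth knowing if the proxy redirects HTTP to HTTPS.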
Luke, posted November 1, 2021

@mshaik Thanks for the feedback.