Greetings Fellow,
I have a problem with Fail2ban and Docker.
I have two VM, one has a Ngnix reverse proxy, the other one has Bitwarden(docker) and Fail2ban (without docker) running.
Bitwarden works great but Fail2ban doesn’t quite do what it should do. I followed the instructions (https://github.com/dani-garcia/bitwarden_rs/wiki/Fail2Ban-Setup), which detects the IP and writes it to the ban list, but doesn’t block it. I think it’s because of the IPtables or the whole configuration with docker and Reverse Proxy.
I have set up an X-Forwarded on the ReverseProxy.
My Jail look like this :
[bitwarden_rs]
enabled = true
port = 80,443,8081
filter = bitwarden_rs
action = iptables-proxy[name = bitwarden_rs, port = http, protocol = tcp]
logpath = /root/bw-data/bitwarden.log
maxretry = 3
bantime = 14400
findtime = 14400
iptables-proxy:
[INCLUDES]
before = iptables-blocktype.conf
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban
# Values: CMD
#
actionstart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'.
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: lake jail.conf(5) man page
# Values: CMD
#
actionban = iptables -I fail2ban-<name> 1 -p tcp --dport 80 -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: lake jail.conf(5) man page
# Values: CMD
#
actionunban = iptables -D fail2ban-<name> -p tcp --dport 80 -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP
[Init]
# Default name of the chain
#
name = default
# Option: port
# Notes.: specifies port to monitor
# Values: [ NUM | STRING ] Default:
#
port = http
# Option: protocol
# Notes.: internally used by config reader for interpolations.
# Values: [ tcp ] | udp | icmp | all ] Default: tcp
#
protocol = tcp
# Option: chain
# Notes specifies the iptables chain to which the fail2ban rules should be
# added
# Values: STRING Default: INPUT
chain = INPUT
Any idea?