First of all, thank you for developing this app.
I managed to make it work well for ssh access (on the host).
Now I am trying to make it work for nextcloud (in a docker container).
I do get ban notices on fail2ban container logs, but no actual banning is done.

filter.d/nextcloud.conf

```ini
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
            ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
            ^{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
```

jail.d/nextcloud.local

```ini
[nextcloud]
chain = INPUT
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = nextcloud
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /var/log/nextcloud.log
```

I am pretty sure it's the chain mentioned in the jail.d file that needs to be changed.
I tried DOCKER-USER but I get this on fail2ban log when it's trying to ban an address:

```
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- exec: { iptables -w -C f2b-nextcloud -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nextcloud || true; iptables -w -A f2b-nextcloud -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C DOCKER-USER -p $proto -m multiport --dports 80,443 -j f2b-nextcloud >/dev/null 2>&1; } || { iptables -w -I DOCKER-USER -p $proto -m multiport --dports 80,443 -j f2b-nextcloud; }
done
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- stderr: 'iptables: No chain/target/match by that name.'
2023-11-29 22:12:56,085 fail2ban.utils [1]: ERROR 7fb501ea0e30 -- returned 1
```
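
Added example, not part of the original post and not the project's own code: a diagnostic for the failing action above that reads `iptables -S` output and reports which piece of the `DOCKER-USER` to `f2b-nextcloud` wiring is absent. The function names and both sample rulesets are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added diagnostic (hypothetical helper names). The logged action needs the
# jail chain, the parent chain and a jump between them; iptables reports a
# missing chain, target or match with the same "No chain/target/match" text.
# The multiport match itself is not visible in `iptables -S`, so only the
# chains and the jump are checked here.

# chain_defined CHAIN RULES: true if RULES (`iptables -S` text) declares CHAIN
# (-P lines are built-in chains, -N lines are user-defined chains).
chain_defined() {
    printf '%s\n' "$2" | grep -Eq -- "^-[NP] $1( |\$)"
}

# jump_present PARENT TARGET RULES: true if PARENT has a rule jumping to TARGET.
jump_present() {
    printf '%s\n' "$3" | grep -Eq -- "^-A $1 (.* )?-j $2( |\$)"
}

# diagnose PARENT JAILCHAIN RULES: prints the first missing piece, or "ok".
diagnose() {
    local parent=$1 jail=$2 rules=$3
    chain_defined "$parent" "$rules" || { echo "parent-chain-missing"; return; }
    chain_defined "$jail" "$rules" || { echo "jail-chain-missing"; return; }
    jump_present "$parent" "$jail" "$rules" || { echo "jump-missing"; return; }
    echo "ok"
}

# Constructed sample: a network namespace with only built-in chains, after the
# first half of the action has already created f2b-nextcloud.
RULES_NO_DOCKER='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-nextcloud
-A f2b-nextcloud -j RETURN'

# Constructed sample: a namespace where DOCKER-USER exists and the jail is wired in.
RULES_DOCKER='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER-USER
-N f2b-nextcloud
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -p tcp -m multiport --dports 80,443 -j f2b-nextcloud
-A DOCKER-USER -j RETURN
-A f2b-nextcloud -j RETURN'

# Live check: run as root in the same place fail2ban executes its actions.
if [ "${1:-}" = "--live" ]; then
    diagnose DOCKER-USER f2b-nextcloud "$(iptables -w -S)"
fi
```

A `parent-chain-missing` result from the live check means the ruleset fail2ban is editing has no `DOCKER-USER` chain at all, which matches the logged pattern where creating `f2b-nextcloud` succeeds and the insert into `DOCKER-USER` fails.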