Removed ipLimit from the panel, changed the code to work with fail2ban #580
Conversation
Removed limitDevice and other unnecessary functions
Removed limitDevice and other unnecessary functions
…recise)
changed maxretry in fail2ban jail config to 2 to fit above
|
hi @somebodywashere
|
Hello. Sure, I agree with you and will try to do so in a few days. |
|
I'll accept this, but for log on x-ui open a new PR |
|
could you please port this for @hiddify1 panel ? |
|
@somebodywashere thanks for your great work |
Hello! A wasted a couple of days trying to make stable and reliable Device limit with the base code (thorught cmd module you used).
But I made a decision to drop it completly from the panel because it still not that reliable, stable, pretty heave for machine and not configurable at all for end user.
So I just made logging of ips that get added to disAllowedIIps and configured fail2ban. It works like a charm now for me (tested 1 full day).
I did not fully removed whole code, because I noticed that disAllowed Ips somehow interact with XrayBlockedIPS.
fail2ban is pretty lightweight service that could be configured to use with UFW (I'm actually doing it) and perfectly suits for limiting devices aswell.
In my mind I think IP Limit should be optional and added to the main menu to configure (like WARP). Made a quick draft of commands to work:
sudo apt-get install fail2ban -ysudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localsudo echo $'\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=iptables-allports\nlogpath=/var/log/daemon.log\nmaxretry=3\nfindtime=150\nbantime=300' >> /etc/fail2ban/jail.localsudo echo $'[Definition]\nfailregex = [LIMIT_IP].+SRC= <HOST>\nignoreregex =' >> /etc/fail2ban/filter.d/3x-ipl.confMy config for jail:
[3x-ipl]
enabled=true
filter=3x-ipl
action=iptables-allports
logpath=/var/log/daemon.log
maxretry=3
findtime=150
bantime=300
Still deciding of what will fit the best. Also you can integrate a few "presets" of configs like above.
