Removed ipLimit from the panel, changed the code to work with fail2ban #580
Removed limitDevice and other unnecessary functions
…recise) changed maxretry in fail2ban jail config to 2 to fit above
Hi @somebodywashere
Hello. Sure, I agree with you and will try to do so in a few days.
I'll accept this, but for log on x-ui open a new PR
Could you please port this for @hiddify1 panel?
@somebodywashere thanks for your great work
Hello! I wasted a couple of days trying to make a stable and reliable Device limit with the base code (through the cmd module you used).
But I made a decision to drop it completely from the panel because it is still not that reliable or stable, is pretty heavy for the machine, and is not configurable at all for the end user.
So I just made logging of IPs that get added to disAllowedIps and configured fail2ban. It works like a charm now for me (tested 1 full day).
I did not fully remove the whole code, because I noticed that disAllowedIps somehow interacts with XrayBlockedIPS.
fail2ban is a pretty lightweight service that can be configured to use with UFW (I'm actually doing it) and is perfectly suited for limiting devices as well.
In my mind, IP Limit should be optional and added to the main menu to configure (like WARP). I made a quick draft of commands to make it work:
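```bash
sudo apt-get install fail2ban -y
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# "sudo echo ... >> file" does the redirect as the unprivileged user, so append through sudo tee instead
echo $'\n[3x-ipl]\nenabled=true\nfilter=3x-ipl\naction=iptables-allports\nlogpath=/var/log/daemon.log\nmaxretry=3\nfindtime=150\nbantime=300' | sudo tee -a /etc/fail2ban/jail.local > /dev/null
# Brackets are escaped so the filter matches the literal [LIMIT_IP] tag rather than a character class
echo $'[Definition]\nfailregex = \\[LIMIT_IP\\].+SRC= <HOST>\nignoreregex =' | sudo tee -a /etc/fail2ban/filter.d/3x-ipl.conf > /dev/null
```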
My config for jail:
```ini
[3x-ipl]
enabled=true
filter=3x-ipl
action=iptables-allports
logpath=/var/log/daemon.log
maxretry=3
findtime=150
bantime=300
```
Still deciding what will fit best. Also, you can integrate a few "presets" of configs like the one above.
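As an added example (not code from this PR or from fail2ban), the sketch below models the jail values above (maxretry=3, findtime=150, bantime=300) over constructed log lines, and compares the `[LIMIT_IP].+SRC= <HOST>` pattern as written with a variant that escapes the brackets. The log-line format, the simplified IPv4 stand-in for `<HOST>`, and the function names are assumptions.

```python
import re
from collections import defaultdict, deque

# Jail values taken from the post.
MAXRETRY, FINDTIME, BANTIME = 3, 150, 300

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
LOOSE = re.compile(r"[LIMIT_IP].+SRC= " + HOST)     # [..] is a character class here
STRICT = re.compile(r"\[LIMIT_IP\].+SRC= " + HOST)  # literal "[LIMIT_IP]" tag

# Constructed sample input: (seconds, message). The line format is assumed.
SAMPLE = [
    (0,   "x-ui: [LIMIT_IP] Email= user1 SRC= 203.0.113.5"),
    (40,  "x-ui: [LIMIT_IP] Email= user1 SRC= 203.0.113.5"),
    (60,  "kernel: IN=eth0 SRC= 198.51.100.7 DPT=443"),  # unrelated line
    (90,  "x-ui: [LIMIT_IP] Email= user1 SRC= 203.0.113.5"),
    (100, "x-ui: [LIMIT_IP] Email= user2 SRC= 192.0.2.9"),
    (400, "x-ui: [LIMIT_IP] Email= user2 SRC= 192.0.2.9"),
    (410, "x-ui: [LIMIT_IP] Email= user2 SRC= 192.0.2.9"),
]

def matched_hosts(regex, lines):
    """Hosts the filter would extract, in log order."""
    return [m.group("host") for _, msg in lines if (m := regex.search(msg))]

def simulate(regex, lines, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME):
    """Simplified jail model: ban once maxretry hits fall inside findtime.
    Returns {ip: (ban_start, ban_end)}."""
    hits, bans = defaultdict(deque), {}
    for ts, msg in lines:
        m = regex.search(msg)
        if not m:
            continue
        ip = m.group("host")
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned, nothing new to count
        window = hits[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # drop hits older than findtime
        if len(window) >= maxretry:
            bans[ip] = (ts, ts + bantime)
            window.clear()
    return bans

if __name__ == "__main__":
    print("loose matches :", matched_hosts(LOOSE, SAMPLE))
    print("strict matches:", matched_hosts(STRICT, SAMPLE))
    print("bans (strict) :", simulate(STRICT, SAMPLE))
```

With the unescaped pattern the unrelated `kernel:` line is counted as a hit for 198.51.100.7; `fail2ban-regex` run against the real log shows the same kind of over-match before the jail is enabled.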