We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fail2Ban container running on a Raspberry Pi 4, failing to properly ban ips.
[traefik-auth]
The ban phase works and the iptable action works.
The ban phase works, but the action fails for some reason. It's the same issue as #55, but it was never resolved.
docker --version
docker-compose --version
uname -a
docker-compose.yml
.env
fail2ban: image: crazymax/fail2ban:latest container_name: fail2ban security_opt: - no-new-privileges:true network_mode: "host" cap_add: - NET_ADMIN - NET_RAW volumes: - ./fail2ban:/data - /var/log:/var/log:ro - ./traefik/traefik.log:/logextra/traefik.log:ro environment: - TZ=${TZ} - F2B_LOG_TARGET=${FAIL2BAN_F2B_LOG_TARGET} - F2B_LOG_LEVEL=${FAIL2BAN_F2B_LOG_LEVEL} - F2B_DB_PURGE_AGE=${FAIL2BAN_F2B_DB_PURGE_AGE} - SSMTP_HOST=${FAIL2BAN_SSMTP_HOST} - SSMTP_PORT=${FAIL2BAN_SSMTP_PORT} - SSMTP_HOSTNAME=${FAIL2BAN_SSMTP_HOSTNAME} - SSMTP_USER=${FAIL2BAN_SSMTP_USER} - SSMTP_PASSWORD=${FAIL2BAN_SSMTP_PASSWORD} - SSMTP_TLS=${FAIL2BAN_SSMTP_TLS} restart: unless-stopped
FAIL2BAN_F2B_LOG_TARGET=STDOUT FAIL2BAN_F2B_LOG_LEVEL=INFO FAIL2BAN_F2B_DB_PURGE_AGE=1d
[DEFAULT] bantime = 1h maxretry = 3 findtime = 1h ignoreip = 127.0.0.1/8 ::1 enabled = false mode = normal destemail = root@localhost sender = root@$(hostname -f) action = %(action_mwl)s port = 0:65535 banaction = iptables-multiport
[traefik-auth] enabled = true chain = DOCKER-USER port = http,https filter = traefik-auth logpath = /logextra/traefik.log
> Output of command `docker info` Client: Debug Mode: false Server: Containers: 9 Running: 9 Paused: 0 Stopped: 0 Images: 10 Server Version: 19.03.13 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 5.4.51-v7l+ Operating System: Raspbian GNU/Linux 10 (buster) OSType: linux Architecture: armv7l CPUs: 4 Total Memory: 7.691GiB Name: raspberrypi ID: HNQJ:2QLW:NIJP:OCJQ:6RLW:B7TX:EGNG:VBNS:MLKF:76S3:DMWF:CWNU Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: No memory limit support WARNING: No swap limit support WARNING: No kernel memory limit support WARNING: No kernel memory TCP limit support WARNING: No oom kill disable support WARNING: No cpu cfs quota support WARNING: No cpu cfs period support
2020-10-22 02:32:30,216 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1 2020-10-22 02:32:30,220 fail2ban.observer [1]: INFO Observer start... 2020-10-22 02:32:30,225 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3' 2020-10-22 02:32:30,228 fail2ban.jail [1]: INFO Creating new jail 'traefik-auth' 2020-10-22 02:32:30,251 fail2ban.jail [1]: INFO Jail 'traefik-auth' uses pyinotify {} 2020-10-22 02:32:30,253 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend 2020-10-22 02:32:30,259 fail2ban.filter [1]: INFO maxRetry: 5 2020-10-22 02:32:30,260 fail2ban.filter [1]: INFO findtime: 600 2020-10-22 02:32:30,260 fail2ban.actions [1]: INFO banTime: 600 2020-10-22 02:32:30,261 fail2ban.filter [1]: INFO encoding: UTF-8 2020-10-22 02:32:30,262 fail2ban.filter [1]: INFO Added logfile: '/logextra/traefik.log' (pos = 0, hash = 550e4202c7074eb9b0faf38a81af86cde593562a) 2020-10-22 02:32:30,732 fail2ban.jail [1]: INFO Jail 'traefik-auth' started Server ready 2020-10-22 05:01:04,088 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:03 2020-10-22 05:01:05,832 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:05 2020-10-22 05:01:07,787 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:07 2020-10-22 05:01:09,397 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:09 2020-10-22 05:01:16,077 fail2ban.filter [1]: INFO [traefik-auth] Found 10.2.0.5 - 2020-10-22 05:01:16 2020-10-22 05:01:16,161 fail2ban.actions [1]: NOTICE [traefik-auth] Ban 10.2.0.5 2020-10-22 05:01:16,197 fail2ban.utils [1]: ERROR b63d76e0 -- exec: iptables -w -N f2b-traefik-auth iptables -w -A f2b-traefik-auth -j RETURN iptables -w -I DOCKER-USER -p tcp -m multiport --dports http,https -j f2b-traefik-auth 2020-10-22 05:01:16,198 fail2ban.utils [1]: ERROR b63d76e0 -- stderr: 'iptables: Chain already exists.' 2020-10-22 05:01:16,199 fail2ban.utils [1]: ERROR b63d76e0 -- stderr: 'iptables: No chain/target/match by that name.' 2020-10-22 05:01:16,200 fail2ban.utils [1]: ERROR b63d76e0 -- returned 1 2020-10-22 05:01:16,201 fail2ban.actions [1]: ERROR Failed to execute ban jail 'traefik-auth' action 'iptables-multiport' info 'ActionInfo({'ip': '10.2.0.5', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xb65ef658>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xb65ef9b8>})': Error starting action Jail('traefik-auth')/iptables-multiport: 'Script error'
The text was updated successfully, but these errors were encountered:
It turns out I needed to do this https://github.com/crazy-max/docker-fail2ban#use-iptables-tooling-without-nftables-backend
Sorry, something went wrong.
No branches or pull requests
Behaviour
Fail2Ban container running on a Raspberry Pi 4, failing to properly ban ips.
Steps to reproduce this issue
[traefik-auth]
jailExpected behaviour
Actual behaviour
Configuration
docker --version
) : Docker version 19.03.13, build 4484c46docker-compose --version
) : docker-compose version 1.27.3, build unknownuname -a
) : Linux raspberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l GNU/Linuxdocker-compose.yml
,.env
, ...docker-compose.yml
.env (relevant info only ^^)
jail.local
jail.d/traefik.local
Output of command `docker info`
Container logs (set LOG_LEVEL to debug if applicable)
The text was updated successfully, but these errors were encountered: