Hi @crazy-max, I am not sure whether this is the right place to post this, but I am trying to resolve the issue of the fail2ban docker container still allowing banned IPs. I tried setting Chain to DOCKER-USER, but it's failing with the following error:
2021-10-25 21:52:14,022 fail2ban.utils [1]: ERROR b64f6650 -- exec: iptables -w -N f2b-npm-docker
iptables -w -A f2b-npm-docker -j RETURN
iptables -w -I DOCKER-USER -p tcp -m multiport --dports 0:65535 -j f2b-npm-docker
2021-10-25 21:52:14,023 fail2ban.utils [1]: ERROR b64f6650 -- stderr: 'iptables: Chain already exists.'
2021-10-25 21:52:14,023 fail2ban.utils [1]: ERROR b64f6650 -- stderr: 'iptables: No chain/target/match by that name.'
2021-10-25 21:52:14,023 fail2ban.utils [1]: ERROR b64f6650 -- returned 1
2021-10-25 21:52:14,024 fail2ban.actions [1]: ERROR Failed to execute ban jail 'npm-docker' action 'iptables-multiport' info 'ActionInfo({'ip': '77.81.98.70', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0xb64d8cd0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0xb64d6070>})': Error starting action Jail('npm-docker')/iptables-multiport: 'Script error'
2021-10-25 21:52:14,682 fail2ban.filter [1]: INFO [npm-docker] Found 77.81.98.70 - 2021-10-25 21:52:14
These are my iptables details on the Raspberry Pi (not of the fail2ban docker):
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5019 3594K DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
5019 3594K DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
767 468K ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 416 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
916 952K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
5795 2549K ACCEPT all -- * br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0
7675 747K ACCEPT all -- br-8f06c3dc391f !br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br-8f06c3dc391f br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0
43965 23M ACCEPT all -- * br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1083 59844 DOCKER all -- * br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0
22862 17M ACCEPT all -- br-288ddad3c4ae !br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0
22 1320 ACCEPT all -- br-288ddad3c4ae br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (3 references)
pkts bytes target prot opt in out source destination
8 416 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:9000
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:8000
11 540 ACCEPT tcp -- !br-288ddad3c4ae br-288ddad3c4ae 0.0.0.0/0 172.18.0.2 tcp dpt:443
4 208 ACCEPT tcp -- !br-288ddad3c4ae br-288ddad3c4ae 0.0.0.0/0 172.18.0.2 tcp dpt:81
0 0 ACCEPT tcp -- !br-288ddad3c4ae br-288ddad3c4ae 0.0.0.0/0 172.18.0.2 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
916 952K DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
184 17672 DOCKER-ISOLATION-STAGE-2 all -- br-8f06c3dc391f !br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0
720 189K DOCKER-ISOLATION-STAGE-2 all -- br-288ddad3c4ae !br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0
5019 3594K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
102K 73M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * br-8f06c3dc391f 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * br-288ddad3c4ae 0.0.0.0/0 0.0.0.0/0
1820 1159K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
# Warning: iptables-legacy tables present, use iptables-legacy to see them
I am running fail2ban and nginx proxy manager inside docker.
This is my fail2ban configuration:
This is my jail conf:
Can someone please help me with this?