This repository was archived by the owner on Aug 8, 2022. It is now read-only.
Conversation
Fix Whitespace
Update `jail.local` to change default fail2ban ban action to more widely supported `iptables-allports`.
The safe default for us shipping a working system is to ignore all private IPs so that users cannot block themselves easily.
Initial support for Emby and NGINX DENY filters
Given that almost all logs will be volume mounted RO from `remote` containers it is safer to suggest a default mount where these logs reside outside `/config`. This helps ensure that housekeeping tasks such a `chown abc:abc` never inadvertently and needlessly operate on the remote logs.
By using the DOCKER-USER chain rather than INPUT we ensure the rules are applied to all containers (but only containers not the host). By doing so we gain some persistence but more importantly without this change we could not easily control ingress traffic to other containers and would also run the risk of the docker daemon munging our work (since docker relies heavily on iptables and routinely makes changes). DOCKER-USER is where docker expects users to make container related iptables changes
It is very unlikely you will ever see this status code unless you manually implement it.
418 Teapot poor mans IPS
This file will be loaded before jail.local and can be managed without requiring user input. This will greatly simplify jail.local
Prepare for the use of jail.d
Refactor jails to service specific .conf and standardise filter naming
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DEV has been smoke tested and run as stability test on Alpine 3.12 for months. It is not production ready but it does function.