Hi,

I have installed the below on my home server and have an issue blocking
external connections to my ownCloud (Docker).

Below are my environment settings.

Ubuntu Server 18.0.4
Fail2Ban 0.10.2
Docker 19.03.8
ownCloud 10.3.2.2 (in docker)

I have set up fail2ban to check the ownCloud log file and detect failed logins.
It can detect and ban IP addresses in fail2ban correctly.

If I use my internal IP address, it can block the ownCloud access correctly.
However, if I use an external connection with an external IP address,
fail2ban can detect it and mark that external IP address to be blocked.
But it seems that iptables does not block it and goes on to allow access.

Below is my status result.

$ sudo fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     45
|  `- File list:        /home/ubuntu/owncloud/owncloud.log
`- Actions
   |- Currently banned: 3
   |- Total banned:     4
   `- Banned IP list:   152.0.158.112 152.0.153.189 192.168.1.20

I can see that it has already banned the IP addresses 152.0.158.112,
152.0.153.189 & 192.168.1.20.

The device with IP address 192.168.1.20 is not able to access ownCloud any more.
The device with IP address 152.0.158.112 or 152.0.153.189 goes on to
access ownCloud.

Below is the iptables chain list.

$ sudo iptables -L DOCKER-USER
Chain DOCKER-USER (1 references)
target     prot opt source               destination
f2b-owncloud  tcp  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

$ sudo iptables -L f2b-owncloud
Chain f2b-owncloud (1 references)
target     prot opt source               destination
REJECT     all  --  192.168.1.20         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  152.0.158.112        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  152.0.153.189        anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Is there anything wrong with the iptables?

Actually, I have tried to add the below rule directly to DOCKER-USER, but
the device with the external IP address is still able to access my ownCloud.

$ sudo iptables -I DOCKER-USER -i eth0 -s 152.0.158.112 -j REJECT


Please advise.

Many Thanks

Miss Poon


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users