Hi,
Probably you need to use a different iptables chain to block the
requests to your docker instance. In
/etc/fail2ban/action.d/iptables-common.conf, the iptables chain that is
used is defined. By default this is "INPUT", but in your case this
should probably be changed to "FORWARD".

I'm unsure if this is due to the fact that your server is behind a
firewall and in a LAN, or because the traffic goes to a docker instance
(over the docker network stack) and not to a service directly running on
a port on the machine itself: I don't know anymore (sorry, it's been a
while since I had a setup similar to this).
Kind regards,
Tom
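Tom's point is about which built-in chain the fail2ban jump rule hangs off. The script below is an added illustration, not part of either message: it shows the jail.local override for the chain and two small helpers (f2b_chain_path and f2b_has_ban_rule, names chosen here) that read `iptables -S` output, run against a constructed dump modelled on the chains shown in the question rather than anything captured from the poster's host.

```shell
#!/bin/sh
# Added example, not from the thread. fail2ban's iptables-* actions insert a
# jump to the per-jail chain f2b-<jail> from the chain named by "chain"
# (INPUT by default). Packets destined for a container are forwarded by the
# host and never traverse INPUT; DOCKER-USER is the hook Docker keeps at the
# top of FORWARD for user rules. jail.local override (assumed path):
#
#   [owncloud]
#   chain = DOCKER-USER

# Print the chain path from a built-in chain down to f2b-<jail>, e.g.
# "FORWARD/DOCKER-USER/f2b-owncloud". If the path does not start at INPUT or
# FORWARD, nothing jumps into the jail chain and bans cannot take effect.
f2b_chain_path() {
    jail="$1"; rules="$2"
    printf '%s\n' "$rules" | awk -v target="f2b-$jail" '
        # every "-A <chain> ... -j <dest>" line makes <chain> the parent of <dest>
        $1 == "-A" { for (i = 3; i < NF; i++) if ($i == "-j") parent[$(i+1)] = $2 }
        END {
            c = target; path = c
            while (c in parent) { c = parent[c]; path = c "/" path }
            print path
        }'
}

# Succeed if the jail chain holds a REJECT or DROP rule for this source IP.
f2b_has_ban_rule() {
    jail="$1"; ip=$(printf '%s' "$2" | sed 's/\./\\./g'); rules="$3"
    printf '%s\n' "$rules" | grep -Eq "^-A f2b-$jail -s $ip(/32)? .*-j (REJECT|DROP)"
}

# Constructed dump: jail chain hooked from DOCKER-USER, as in the question.
SAMPLE_DOCKER='-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER-USER
-N f2b-owncloud
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -p tcp -j f2b-owncloud
-A DOCKER-USER -j RETURN
-A f2b-owncloud -s 192.168.1.20/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-owncloud -s 152.0.158.112/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-owncloud -j RETURN'

# Constructed dump with the default chain: bans land in INPUT only.
SAMPLE_DEFAULT='-N f2b-owncloud
-A INPUT -p tcp -j f2b-owncloud
-A f2b-owncloud -s 152.0.158.112/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-owncloud -j RETURN'
```

On a live host, run the checks as `f2b_chain_path owncloud "$(sudo iptables -S)"` and `f2b_has_ban_rule owncloud 152.0.158.112 "$(sudo iptables -S)"`.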
On 29-03-2020 14:23, SeaTigerIII wrote:
Hi,
I have installed the components below on my home server and have an
issue blocking external connections to my ownCloud (docker).
Below is my environment settings.
Ubuntu Server 18.0.4
Fail2Ban 0.10.2
Docker 19.03.8
ownCloud 10.3.2.2 (in docker)
I have set up fail2ban to check the ownCloud log file and detect failed logins.
It can detect and ban IP addresses at fail2ban correctly.
If I use my internal IP address, it blocks the ownCloud access correctly;
however, if I use an external connection with an external IP address,
fail2ban detects it and marks that external IP address to be blocked,
but it seems that iptables does not block it and goes on to allow access.
Below is my status result.
$ sudo fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
|  |- Currently failed: 1
|  |- Total failed:     45
|  `- File list:        /home/ubuntu/owncloud/owncloud.log
`- Actions
   |- Currently banned: 3
   |- Total banned:     4
   `- Banned IP list:   152.0.158.112 152.0.153.189 192.168.1.20
I can see that it has already banned the IP addresses 152.0.158.112,
152.0.153.189 & 192.168.1.20.
The device with IP address 192.168.1.20 is no longer able to access ownCloud,
but devices with IP address 152.0.158.112 or 152.0.153.189 can still
access ownCloud.
Below is iptables chain list.
$ sudo iptables -L DOCKER-USER
Chain DOCKER-USER (1 references)
target        prot opt source               destination
f2b-owncloud  tcp  --  anywhere             anywhere
RETURN        all  --  anywhere             anywhere

$ sudo iptables -L f2b-owncloud
Chain f2b-owncloud (1 references)
target        prot opt source               destination
REJECT        all  --  192.168.1.20         anywhere             reject-with icmp-port-unreachable
REJECT        all  --  152.0.158.112        anywhere             reject-with icmp-port-unreachable
REJECT        all  --  152.0.153.189        anywhere             reject-with icmp-port-unreachable
RETURN        all  --  anywhere             anywhere
RETURN        all  --  anywhere             anywhere
RETURN        all  --  anywhere             anywhere
Is there anything wrong with the iptables?
Actually, I have tried adding the rule below directly to DOCKER-USER, but
the device with the external IP address is still able to access my ownCloud.
$ sudo iptables -I DOCKER-USER -i eth0 -s 152.0.158.112 -j REJECT
Please advise.
Many Thanks
Miss Poon
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users