Hi,
Please reply to the list only.
You're not showing the full iptables output. Changing the chain name
should alter the place where the "f2b-owncloud" chain is linked into the
default chains of iptables; this is not visible in the "f2b-owncloud"
chain itself. Show the full iptables -L -n output, or show:
sudo iptables -L INPUT
sudo iptables -L FORWARD
Kind regards,
Tom
On 30-03-2020 06:37, SeaTigerIII wrote:
Hi Tom,
Thanks for your suggestion.
I tried it at my end, but it does not work.
It still cannot block any external IP address.
$ sudo iptables -L f2b-owncloud -n
Chain f2b-owncloud (1 references)
target     prot opt source           destination
REJECT     all  --  152.0.34.125     0.0.0.0/0        reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0        0.0.0.0/0
I worry that it may be an iptables chain-related problem, as you
suggest. I will take time to read up on iptables first.
Thank you for your hints.
Regards
Miss Poon
On Sun, Mar 29, 2020 at 10:29 AM Tom Hendrikx <t...@whyscream.net> wrote:
Hi,
Probably you need to use a different iptables chain to block the
requests to your docker instance. In
/etc/fail2ban/action.d/iptables-common.conf, the iptables chain that is
used is defined. By default this is "INPUT", but in your case this
should probably be changed to "FORWARD".
I'm unsure if this is due to the fact that your server is behind a
firewall and in a LAN, or because the traffic goes to a docker instance
(over the docker network stack) and not to a service directly running on
a port on the machine itself: I don't know anymore (sorry, it's been a
while since I had a setup similar to this).
Kind regards,
Tom
On 29-03-2020 14:23, SeaTigerIII wrote:
Hi,
I have installed the software below on my home server and have an issue
blocking external connections to my ownCloud (Docker).
Below is my environment settings.
Ubuntu Server 18.0.4
Fail2Ban 0.10.2
Docker 19.03.8
ownCloud 10.3.2.2 (in docker)
I have set up fail2ban to check the ownCloud log file and detect failed logins.
It can detect and ban the IP address in fail2ban correctly.
If I use my internal IP address, it blocks ownCloud access correctly.
However, if I use an external connection with an external IP address,
fail2ban can detect it and marks that external IP address for blocking,
but it seems that iptables does not block it and continues to allow access.
Below is my status result.
$ sudo fail2ban-client status owncloud
Status for the jail: owncloud
|- Filter
| |- Currently failed: 1
| |- Total failed: 45
| `- File list: /home/ubuntu/owncloud/owncloud.log
`- Actions
|- Currently banned: 3
|- Total banned: 4
`- Banned IP list: 152.0.158.112 152.0.153.189 192.168.1.20
I can see that it has already banned IP addresses 152.0.158.112,
152.0.153.189 and 192.168.1.20.
The device with IP address 192.168.1.20 is no longer able to access ownCloud.
Devices with IP address 152.0.158.112 or 152.0.153.189 can still
access ownCloud.
Below is iptables chain list.
$ sudo iptables -L DOCKER-USER
Chain DOCKER-USER (1 references)
target        prot opt source     destination
f2b-owncloud  tcp  --  anywhere   anywhere
RETURN        all  --  anywhere   anywhere
$ sudo iptables -L f2b-owncloud
Chain f2b-owncloud (1 references)
target     prot opt source          destination
REJECT     all  --  192.168.1.20    anywhere    reject-with icmp-port-unreachable
REJECT     all  --  152.0.158.112   anywhere    reject-with icmp-port-unreachable
REJECT     all  --  152.0.153.189   anywhere    reject-with icmp-port-unreachable
RETURN     all  --  anywhere        anywhere
RETURN     all  --  anywhere        anywhere
RETURN     all  --  anywhere        anywhere
Is it anything wrong at the iptables?
Actually, I have tried adding the rule below directly to DOCKER-USER, but
a device with an external IP address is still able to access my ownCloud.
$ sudo iptables -I DOCKER-USER -i eth0 -s 152.0.158.112 -j REJECT
Please advise.
Many Thanks
Miss Poon
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
--
Best Regards
SeaTigerIII
WeChat - seatiger...@gmail.com
Google Talk: seatiger...@gmail.com
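As an added example (not code from this thread, from fail2ban or from Docker), here is a small Python checker for the point Tom's reply makes: `iptables -L f2b-owncloud` shows the ban rules, but not where that chain is linked in, and only the parent chain decides which traffic ever reaches it. A chain jumped to from DOCKER-USER is consulted for forwarded traffic (Docker-published ports pass through FORWARD after the DNAT in nat/PREROUTING), never for traffic delivered to a listener on the host itself, which goes through INPUT. The script parses `iptables -S` output, lists the chains that jump into the fail2ban chain, and walks INPUT or FORWARD for a packet. The ruleset and the packets are constructed, modelled on the listings above; the interface names, the published port 8080, the container address 172.17.0.2 and the host address 203.0.113.10 are assumptions, and the script does not diagnose this poster's setup.

```python
"""Trace where a fail2ban chain is hooked into iptables and what verdict a new
inbound packet gets, parsed from `iptables -S` (rule-spec) output."""
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample modelled on the thread's listings, not the poster's real
# ruleset: f2b-owncloud is reached only via DOCKER-USER, which FORWARD calls.
SAMPLE_IPTABLES_S = """\
-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER-USER
-N f2b-owncloud
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER-USER -p tcp -j f2b-owncloud
-A DOCKER-USER -j RETURN
-A f2b-owncloud -s 152.0.158.112/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-owncloud -s 192.168.1.20/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-owncloud -j RETURN
"""


def parse_rules(text):
    """Return ({chain: policy}, {chain: [rule, ...]}). Only -s/-d/-p/-i/-o,
    --dport and --ctstate are modelled (no `!` negation); -j ends a rule."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
            chains.setdefault(tok[1], [])
        elif tok and tok[0] == "-N":
            chains.setdefault(tok[1], [])
        elif tok and tok[0] == "-A":
            rule = {"chain": tok[1], "match": {}, "target": None, "spec": line}
            i = 2
            while i + 1 < len(tok):
                opt, val = tok[i], tok[i + 1]
                if opt == "-j":
                    rule["target"] = val
                    break  # the rest is target data (--reject-with ...)
                if opt in ("-s", "-d"):
                    rule["match"][opt] = ipaddress.ip_network(val, strict=False)
                elif opt in ("-p", "-i", "-o", "--dport"):
                    rule["match"][opt] = val
                elif opt == "--ctstate":
                    rule["match"][opt] = set(val.split(","))
                i += 2  # "-m <module>" and unmodelled options are skipped
            chains.setdefault(rule["chain"], []).append(rule)
    return policies, chains


def rule_matches(rule, pkt):
    """True if every match carried by the rule is satisfied by the packet."""
    m = rule["match"]
    for opt, key in (("-s", "src"), ("-d", "dst")):
        if opt in m and ipaddress.ip_address(pkt[key]) not in m[opt]:
            return False
    for opt, key in (("-p", "proto"), ("-i", "iif"), ("-o", "oif"), ("--dport", "dport")):
        if opt in m and m[opt] != str(pkt.get(key)):
            return False
    return "--ctstate" not in m or pkt.get("state", "NEW") in m["--ctstate"]


def verdict(policies, chains, chain, pkt):
    """Walk `chain` for one packet: ACCEPT/DROP/REJECT, the built-in policy if
    nothing matched, or RETURN when a user-defined chain falls off its end."""
    for rule in chains.get(chain, []):
        if not rule_matches(rule, pkt):
            continue
        tgt = rule["target"]
        if tgt in TERMINAL or tgt == "RETURN":
            return tgt
        if tgt in chains:  # jump into a user-defined chain
            sub = verdict(policies, chains, tgt, pkt)
            if sub != "RETURN":
                return sub
        # other targets (LOG, MARK, ...) do not terminate: keep walking
    return policies.get(chain, "RETURN")


def hook_points(chains, name):
    """(parent chain, rule) pairs that jump into `name`: what -L name can't show."""
    return [(r["chain"], r["spec"]) for rules in chains.values()
            for r in rules if r["target"] == name]


if __name__ == "__main__":
    pol, ch = parse_rules(SAMPLE_IPTABLES_S)
    print("f2b-owncloud is jumped to from:", hook_points(ch, "f2b-owncloud"))
    # New SYN from a banned address to a Docker-published port: after the DNAT
    # in nat/PREROUTING the packet is forwarded towards docker0 (assumed).
    fwd = {"src": "152.0.158.112", "dst": "172.17.0.2", "proto": "tcp",
           "iif": "eth0", "oif": "docker0", "dport": 8080, "state": "NEW"}
    print("via FORWARD:", verdict(pol, ch, "FORWARD", fwd))
    # Same source hitting a listener on the host itself (say a reverse proxy in
    # front of the container): INPUT never consults DOCKER-USER.
    loc = {"src": "152.0.158.112", "dst": "203.0.113.10", "proto": "tcp",
           "iif": "eth0", "oif": None, "dport": 443, "state": "NEW"}
    print("via INPUT:", verdict(pol, ch, "INPUT", loc))
```

Run it against real output with `sudo iptables -S | python3 thischecker.py`-style plumbing replaced by reading stdin, or just paste the output into `SAMPLE_IPTABLES_S`. The walker models only the filter table and the handful of matches listed above, so treat it as a reading aid; the empirical check on the box is `sudo iptables -L -n -v`, whose per-rule packet counters show whether the REJECT rules in f2b-owncloud are being hit at all while a banned address is connecting.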