Multiple containers for banning multiple chains?
verybadsoldier opened this issue · 2 comments
verybadsoldier commented
One question please:
Why is it advised to use a second container when banning with iptables the chain DOCKER-USER and INPUT at the same time as shown here:
https://github.com/crazy-max/docker-fail2ban/blob/master/examples/compose-multi/docker-compose.yml
Wouldn't it be enough to use just one container and extend the used action to just add the second chain to iptables?
Something like this:
    actionstart = <iptables> -N f2b-<name>
                  <iptables> -A f2b-<name> -j <returntype>
                  <iptables> -I INPUT -p <protocol> -j f2b-<name>
                  <iptables> -I DOCKER-USER -p <protocol> -j f2b-<name>
crazy-max commented
@verybadsoldier This would make the iptables rules more cumbersome but it could work. I'll think about this implementation.
crazy-max commented
@verybadsoldier F2B_IPTABLES_CHAIN env var has been removed and README updated to use chain = <name> def. See also #46.
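The single-container approach proposed in the opening question, filled out as an added example (it is not the project's or fail2ban's own action file): once `actionstart` hooks two chains, `actionstop` and `actioncheck` have to cover both as well, otherwise a stale jump rule is left behind or a flushed chain goes unnoticed. The file name is hypothetical, and the example assumes a fail2ban release that ships `iptables-common.conf`, which defines `<iptables>`, `<returntype>` and `<blocktype>`.

```ini
# action.d/iptables-input-dockeruser.local  (hypothetical file name)
# Assumption: iptables-common.conf is present and supplies <iptables>,
# <returntype>, <blocktype>, <protocol> and <name>.
[INCLUDES]
before = iptables-common.conf

[Definition]
# One f2b-<name> chain holds the bans; both INPUT (host services) and
# DOCKER-USER (traffic forwarded to containers) jump into it.
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I INPUT -p <protocol> -j f2b-<name>
              <iptables> -I DOCKER-USER -p <protocol> -j f2b-<name>

# Remove both jump rules before flushing and deleting the shared chain;
# iptables refuses to delete a chain that is still referenced.
actionstop = <iptables> -D INPUT -p <protocol> -j f2b-<name>
             <iptables> -D DOCKER-USER -p <protocol> -j f2b-<name>
             <iptables> -F f2b-<name>
             <iptables> -X f2b-<name>

# The check must fail if either hook is missing, e.g. after a Docker
# daemon restart has rebuilt its chains. "&&" makes the exit status
# depend on both commands, not only on the last one.
actioncheck = <iptables> -n -L INPUT | grep -q 'f2b-<name>[ \t]' &&
              <iptables> -n -L DOCKER-USER | grep -q 'f2b-<name>[ \t]'

# Ban and unban touch only the shared chain, so one rule per address
# covers host and container traffic alike.
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>

actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
```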