crazy-max/docker-fail2ban

Multiple containers for banning multiple chains?

verybadsoldier opened this issue · 2 comments

One question please:
Why is it advised to use a second container when banning with iptables in the DOCKER-USER and INPUT chains at the same time, as shown here:
https://github.com/crazy-max/docker-fail2ban/blob/master/examples/compose-multi/docker-compose.yml

Wouldn't it be enough to use just one container and extend the used action to just add the second chain to iptables?

Something like this:

actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I INPUT -p <protocol> -j f2b-<name>
              <iptables> -I DOCKER-USER -p <protocol> -j f2b-<name>
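Spelled out as a complete action file, the single-container variant sketched above looks like the following. This is an added example, not code from the issue or from the docker-fail2ban project; it assumes fail2ban 0.10 or later with the stock iptables-common.conf (which supplies <iptables>, <blocktype>, <returntype> and <actionflush>), a fail2ban process that can see the host's netfilter tables (in the container case, NET_ADMIN plus host networking), and a Docker daemon that has already started, since the DOCKER-USER chain only exists once Docker has created it. The file name iptables-multiport-dual.conf and the port/protocol defaults in [Init] are illustrative.

```ini
# /etc/fail2ban/action.d/iptables-multiport-dual.conf
# Added example (not from the crazy-max/docker-fail2ban project): one action
# that hooks the per-jail f2b-<name> chain into both INPUT (traffic addressed
# to the host itself) and DOCKER-USER (traffic forwarded to containers).
# Assumes fail2ban 0.10+ and the stock iptables-common.conf, which defines
# <iptables>, <blocktype>, <returntype> and <actionflush>.

[INCLUDES]
before = iptables-common.conf

[Definition]
# Create the jail chain, terminate it with RETURN, then jump to it from both
# parent chains. If DOCKER-USER does not exist yet (Docker not started), the
# last command fails and fail2ban logs the actionstart failure.
actionstart = <iptables> -N f2b-<name>
              <iptables> -A f2b-<name> -j <returntype>
              <iptables> -I INPUT -p <protocol> -m multiport --dports <port> -j f2b-<name>
              <iptables> -I DOCKER-USER -p <protocol> -m multiport --dports <port> -j f2b-<name>

# Remove both jumps before flushing and deleting the chain: iptables -X
# refuses to delete a chain that is still referenced from INPUT or DOCKER-USER.
actionstop = <iptables> -D INPUT -p <protocol> -m multiport --dports <port> -j f2b-<name>
             <iptables> -D DOCKER-USER -p <protocol> -m multiport --dports <port> -j f2b-<name>
             <actionflush>
             <iptables> -X f2b-<name>

# fail2ban runs actioncheck before each ban and re-runs actionstart when it
# fails. Verify both jumps, so a missing DOCKER-USER hook is repaired rather
# than silently leaving container traffic unfiltered.
actioncheck = <iptables> -n -L INPUT | grep -q 'f2b-<name>[ \t]' && <iptables> -n -L DOCKER-USER | grep -q 'f2b-<name>[ \t]'

# Ban/unban operate on the shared jail chain, so one rule covers both paths.
actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>

[Init]
# Illustrative defaults; the jail normally overrides these. The stock `chain`
# parameter is not used because both parent chains are fixed above.
port = http,https
protocol = tcp
```

Two things to keep in mind when using a rule like this. First, DOCKER-USER sits in the FORWARD path, which is evaluated after Docker's DNAT in nat/PREROUTING, so the `--dports` match in the DOCKER-USER rule sees the container-side port, not the published host port (a service published as `-p 8080:80` must be listed as port 80 there); the source address is unchanged, so the `-s <ip>` bans themselves work for both paths. Second, the stock iptables actions take a single `chain` parameter (INPUT by default), which is why the project's compose-multi example runs one container per chain instead of a combined action.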

@verybadsoldier This would make the iptables rules more cumbersome but it could work. I'll think about this implementation.

@verybadsoldier F2B_IPTABLES_CHAIN env var has been removed and README updated to use chain = <name> def. See also #46.