crazy-max/docker-fail2ban

Fail2Ban Banning but not Blocking

Closed this issue · 1 comments

Hello people,

I set up Fail2Ban with bitwarden_rs and while it seems to ban the IP in the logs, I can still successfully log in with the correct password. I am using Traefik 1.7 Maroilles as a reverse proxy to access BitwardenRS. What I have tried so far to fix the issue:

  • I have added the server port and the reverse proxy port in addition to the BitwardenRS container's ports.
  • I have added /action.d/iptables-allports.local to try to kill any existing connections.
  • I have added chain=FORWARD to the /jail.d/bitwarden.local file, even if I don't need it, I think, as I'm using a reverse proxy.
  • Timezones are correct everywhere.
  • I also tried with cellular data just to be sure.

Logs:
The IP, I suppose because it goes through the Docker network, is different from the "real" one; I'm not sure how to configure it to show it properly (tried with a LAN device and also mobile data).

2020-07-05 18:32:22,123 fail2ban.filter [1]: INFO [bitwarden] Found myip- 2020-07-05 18:32:22
2020-07-05 18:32:23,456 fail2ban.actions [1]: NOTICE [bitwarden] myip already banned

I'm putting it as an image and not as text, as every time I paste it all the format/composure goes to hell and it's not easily writable.

image

docker compose file

image

Any idea what's wrong? Any tip or suggestion would be really helpful as I cannot figure out what's wrong.

Update:
After some attempts I see that the loading button is just looping, giving me hope that the IP is banned, but then refreshing the page and entering my normal credentials gives me access once again. Also, I'm making the test with a phone on cellular data and I see that the IP doesn't match the ones in the log, probably because of Docker networking, but I'm still not sure if that's OK. What I tried:

  1. action = iptables-allports[name=bitwarden]
  2. action = iptables-allports[name=bitwarden, chain=DOCKER-USER]
  3. action = iptables-allports[name=bitwarden, chain=FORWARD]

I always restarted the container but none of these seems to work. I also tried to change in the docker compose file the

network_mode: "host" to network_mode: "bridge"

and tried once again all 3 of the above action configurations, but still nothing. Traefik, the reverse proxy, is configured with Cloudflare, if that helps somehow.

@sesshomaru86 F2B_IPTABLES_CHAIN env var has been removed and README updated to use chain = <name> def. Can you try with this new behavior?
And about your issue, have you checked if the IP is actually banned in the iptables of your host (iptables -S | grep f2b)?
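
An added example, not part of the thread or of the project's code, that turns the suggested `iptables -S | grep f2b` check into a per-jail, per-address answer: which parent chain jumps to the jail's `f2b-<name>` chain, and whether a given address has a blocking rule in it. The function name, the sample rules and both addresses are constructed for illustration; the sample assumes the ban was recorded for a Docker bridge address rather than the client's.

```shell
#!/bin/sh
# Added example: summarise fail2ban's iptables state for one jail and one IP.
# Reads `iptables -S` text on stdin, e.g. on the Docker host:
#   iptables -S | f2b_ban_status bitwarden 203.0.113.7
f2b_ban_status() {
    jail="$1"; ip="$2"
    awk -v chain="f2b-$jail" -v ip="$ip" '
        # Jump rules: which parent chain hands packets to the f2b chain.
        $1 == "-A" && $2 != chain {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == chain)
                    hooks = hooks (hooks ? "," : "") $2
        }
        # Ban rules: a source match inside the f2b chain with a blocking target.
        $1 == "-A" && $2 == chain {
            src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", src)
            if (src == ip && (tgt == "REJECT" || tgt == "DROP")) banned = "yes"
        }
        END {
            printf "hooks=%s banned=%s\n", (hooks ? hooks : "none"), (banned ? banned : "no")
        }
    '
}

# Constructed sample of `iptables -S` output (not taken from the issue):
# the only ban rule is for 172.18.0.1, an assumed Docker bridge address.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER-USER
-N f2b-bitwarden
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -p tcp -j f2b-bitwarden
-A DOCKER-USER -j RETURN
-A f2b-bitwarden -s 172.18.0.1/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-bitwarden -j RETURN
EOF
}

sample_rules | f2b_ban_status bitwarden 172.18.0.1   # address seen in the log
sample_rules | f2b_ban_status bitwarden 203.0.113.7  # address of the client
```

`hooks=none` means no chain jumps to the jail's chain, so its rules are never evaluated. `banned=yes` only for an address that is not the packet's source address means the rule exists but never matches the client's traffic.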