abhin4v
/
space
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Changes fail2ban to use DOCKER-USER chain

Browse Source
master
Abhinav Sarkar 3 years ago
parent 39eaf3241f
commit b180226806
2 changed files with 9 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 1
      docker-compose.yml
  2. 18
      fail2ban/iptables-pihole-geoip-fence.conf

1
docker-compose.yml
Unescape View File

@ -72,6 +72,7 @@ services:
DNS1: 1.1.1.1
DNS2: 1.0.0.1
VIRTUAL_HOST: pihole.abhinavsarkar.net
TZ: "Asia/Kolkata"
ports:
- "53:53/tcp"
- "53:53/udp"

18
fail2ban/iptables-pihole-geoip-fence.conf
Unescape View File

@ -11,23 +11,21 @@ before = iptables-blocktype.conf
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = iptables -N f2b-<name>
iptables -A f2b-<name> -j RETURN
iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
actionstart = iptables -N DOCKER-USER
iptables -A DOCKER-USER -j RETURN
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
iptables -F f2b-<name>
iptables -X f2b-<name>
actionstop = iptables -F DOCKER-USER
iptables -X DOCKER-USER
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actioncheck = iptables -n -L <chain> | grep -q 'DOCKER-USER[ \t]'
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
@ -37,7 +35,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
#
actionban = IP=<ip> &&
COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
(iptables -I f2b-<name> 1 -s <ip> -j <blocktype>)
(iptables -I DOCKER-USER 1 -s <ip> -j <blocktype>)
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
@ -47,7 +45,7 @@ actionban = IP=<ip> &&
#
actionunban = IP=<ip> &&
COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
(iptables -D f2b-<name> -s <ip> -j <blocktype>)
(iptables -D DOCKER-USER -s <ip> -j <blocktype>)
[Init]
@ -59,7 +57,7 @@ country_list = IN|India
# Default name of the chain
#
name = pihole-geoip
name = DOCKER-USER
# Option: port
# Notes.: specifies port to monitor

Write Preview
Loading…
Cancel
Save