Changes fail2ban to use DOCKER-USER chain

2019-11-25 08:10:04 +05:30 · 2019-11-25 08:10:04 +05:30 · b180226806
parent 39eaf3241f
commit b180226806
2 changed files with 9 additions and 10 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -72,6 +72,7 @@ services:
      DNS1: 1.1.1.1
      DNS2: 1.0.0.1
      VIRTUAL_HOST: pihole.abhinavsarkar.net
+      TZ: "Asia/Kolkata"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
--- a/fail2ban/iptables-pihole-geoip-fence.conf
+++ b/fail2ban/iptables-pihole-geoip-fence.conf
@ -11,23 +11,21 @@ before = iptables-blocktype.conf
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N f2b-<name>
-              iptables -A f2b-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+actionstart = iptables -N DOCKER-USER
+              iptables -A DOCKER-USER -j RETURN

 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
-             iptables -F f2b-<name>
-             iptables -X f2b-<name>
+actionstop = iptables -F DOCKER-USER
+             iptables -X DOCKER-USER

 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+actioncheck = iptables -n -L <chain> | grep -q 'DOCKER-USER[ \t]'

 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@ -37,7 +35,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
 #
 actionban = IP=<ip> &&
            COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
-            (iptables -I f2b-<name> 1 -s <ip> -j <blocktype>)
+            (iptables -I DOCKER-USER 1 -s <ip> -j <blocktype>)

 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@ -47,7 +45,7 @@ actionban = IP=<ip> &&
 #
 actionunban = IP=<ip> &&
              COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
-              (iptables -D f2b-<name> -s <ip> -j <blocktype>)
+              (iptables -D DOCKER-USER -s <ip> -j <blocktype>)

 [Init]

@ -59,7 +57,7 @@ country_list = IN|India

 # Default name of the chain
 #
-name = pihole-geoip
+name = DOCKER-USER

 # Option:  port
 # Notes.:  specifies port to monitor