Changes fail2ban to use DOCKER-USER chain

master
Abhinav Sarkar 2019-11-25 08:10:04 +05:30
parent 39eaf3241f
commit b180226806
2 changed files with 9 additions and 10 deletions


@ -72,6 +72,7 @@ services:
DNS1: 1.1.1.1 DNS1: 1.1.1.1
DNS2: 1.0.0.1 DNS2: 1.0.0.1
VIRTUAL_HOST: pihole.abhinavsarkar.net VIRTUAL_HOST: pihole.abhinavsarkar.net
TZ: "Asia/Kolkata"
ports: ports:
- "53:53/tcp" - "53:53/tcp"
- "53:53/udp" - "53:53/udp"


@ -11,23 +11,21 @@ before = iptables-blocktype.conf
# Notes.: command executed once at the start of Fail2Ban. # Notes.: command executed once at the start of Fail2Ban.
# Values: CMD # Values: CMD
# #
actionstart = iptables -N f2b-<name> actionstart = iptables -N DOCKER-USER
iptables -A f2b-<name> -j RETURN iptables -A DOCKER-USER -j RETURN
iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name> actionstop = iptables -F DOCKER-USER
iptables -F f2b-<name> iptables -X DOCKER-USER
iptables -X f2b-<name>
# Option: actioncheck # Option: actioncheck
# Notes.: command executed once before each actionban command # Notes.: command executed once before each actionban command
# Values: CMD # Values: CMD
# #
actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]' actioncheck = iptables -n -L <chain> | grep -q 'DOCKER-USER[ \t]'
# Option: actionban # Option: actionban
# Notes.: command executed when banning an IP. Take care that the # Notes.: command executed when banning an IP. Take care that the
@ -37,7 +35,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
# #
actionban = IP=<ip> && actionban = IP=<ip> &&
COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] || COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
(iptables -I f2b-<name> 1 -s <ip> -j <blocktype>) (iptables -I DOCKER-USER 1 -s <ip> -j <blocktype>)
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -47,7 +45,7 @@ actionban = IP=<ip> &&
# #
actionunban = IP=<ip> && actionunban = IP=<ip> &&
COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] || COUNTRY=$(geoiplookup $IP | egrep "<country_list>") && [ "$COUNTRY" ] ||
(iptables -D f2b-<name> -s <ip> -j <blocktype>) (iptables -D DOCKER-USER -s <ip> -j <blocktype>)
[Init] [Init]
@ -59,7 +57,7 @@ country_list = IN|India
# Default name of the chain # Default name of the chain
# #
name = pihole-geoip name = DOCKER-USER
# Option: port # Option: port
# Notes.: specifies port to monitor # Notes.: specifies port to monitor
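Review bot: The new actionstop runs `iptables -F DOCKER-USER` and `iptables -X DOCKER-USER` against a chain that Docker itself creates and shares, so stopping or restarting fail2ban would flush every rule in that chain, not only this jail's bans, and the `-X` will presumably fail while FORWARD still references it. In the same way, actionstart's `iptables -N DOCKER-USER` errors out when Docker has already created the chain, and `iptables -A DOCKER-USER -j RETURN` appends another RETURN on every start. Keeping the dedicated chain and hooking it into Docker's one, e.g. `iptables -N f2b-<name>`, `iptables -A f2b-<name> -j RETURN`, `iptables -I DOCKER-USER -j f2b-<name>`, with actionban/actionunban and the stop-time flush confined to `f2b-<name>`, would leave unrelated DOCKER-USER rules intact. The actioncheck also still lists `<chain>` and greps for `DOCKER-USER`, although the new actionstart no longer inserts any jump into `<chain>`; whether that check can pass depends on the value of `<chain>`, which is not visible in these hunks, and a failing check would stop bans from being applied.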