[BUG] Ban Action Triggered - Ban Not Working #34

Open
admiralspeedy opened this issue Mar 3, 2025 · 2 comments
admiralspeedy commented Mar 3, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have set up fail2ban on my Unraid server. I was using Nginx Proxy Manager to enable remote access to my Emby server.

With my configuration, after 5 retries fail2ban issues the ban action but the IP is not actually banned and can still access my Emby server. There are no errors in the log and as far as fail2ban shows, the IP is banned, but I see no rule added to iptables.

My jail.local:

[DEFAULT]
# Prevents banning LAN subnets
ignoreip = 10.0.0.0/8
           192.168.0.0/16
           172.16.0.0/12

# "bantime.increment" allows to use database for searching of previously banned ip's to increase a
# default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
bantime.increment = true

# "bantime.rndtime" is the max number of seconds using for mixing with random time
# to prevent "clever" botnets calculate exact time IP can be unbanned again:
bantime.rndtime = 2048

# following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
# for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
bantime.multipliers = 1 5 30 60 300 720 1440 2880

banaction = iptables-allports

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

[npm]
enabled = true
filter = npm
logpath = /var/log/proxy-host-*_access.log

My filter (npm.conf):

[INCLUDES]

[Definition]

failregex = ^.* (405|404|403|401|\-) (405|404|403|401) - .* \[Client <HOST>\] \[Length .*\] .* \[Sent-to <F-CONTAINER>.*</F-CONTAINER>\] <F-USERAGENT>".*"</F-USERAGENT> .*$

ignoreregex = ^.* (404|\-) (404) - .*".*(\.png|\.txt|\.jpg|\.ico|\.js|\.css|\.ttf|\.woff|\.woff2)(/)*?" \[Client <HOST>\] \[Length .*\] ".*" .*$

Interestingly, I switched to swag and its included fail2ban works fine.

Expected Behavior

The offending IP should be added to iptables to prevent it from connecting for the specified ban time.

Steps To Reproduce

  1. Install fail2ban and NPM in Unraid
  2. Configure as above
  3. Check fail2ban log and see ban issued
  4. Reload page on banned device and see that you are not actually banned

Environment

- OS: Unraid 7.0.1
- How docker service was installed: Through Unraid's app center

CPU architecture

x86-64

Docker creation

Unraid

Container logs

NA
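
A check for the symptom reported above (fail2ban lists the IP as banned, but no matching rule appears in iptables), as an added example that is not part of the original issue or the project's code: it compares the banned list from `fail2ban-client status npm` with `iptables -S` output and reports which chains jump to the jail chain. The chain name `f2b-npm` (fail2ban's `f2b-<jail>` naming) and both sample outputs are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed, abridged sample output of `fail2ban-client status npm`.
SAMPLE_STATUS = """\
Status for the jail: npm
|- Filter
|  `- File list:\t/var/log/proxy-host-1_access.log
`- Actions
   |- Currently banned:\t2
   `- Banned IP list:\t203.0.113.7 198.51.100.23
"""

# Constructed sample output of `iptables -S`; one ban has no rule.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-N f2b-npm
-A INPUT -p tcp -j f2b-npm
-A f2b-npm -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-npm -j RETURN
"""

def banned_ips(status_text):
    """IPs from the 'Banned IP list:' line of fail2ban-client status."""
    m = re.search(r"Banned IP list:[ \t]*(.*)$", status_text, re.MULTILINE)
    return {ipaddress.ip_address(t) for t in m.group(1).split()} if m else set()

def audit(status_text, rules_text, chain="f2b-npm"):
    """Return (missing, hooks): banned IPs with no REJECT/DROP rule in the
    jail chain, and the chains that jump to it. A ban only affects packets
    that traverse one of those hook chains."""
    blocked, hooks = [], set()
    for line in rules_text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "-A" or "-j" not in tok:
            continue
        target = tok[tok.index("-j") + 1]
        if tok[1] == chain and "-s" in tok and target in ("REJECT", "DROP"):
            blocked.append(ipaddress.ip_network(tok[tok.index("-s") + 1]))
        elif target == chain:
            hooks.add(tok[1])  # e.g. INPUT, FORWARD or DOCKER-USER
    missing = {ip for ip in banned_ips(status_text)
               if not any(ip in net for net in blocked)}
    return sorted(map(str, missing)), sorted(hooks)

if __name__ == "__main__":
    print("banned without rule / hook chains:", audit(SAMPLE_STATUS, SAMPLE_RULES))
```

On a live host, pass the captured output of the two commands to `audit()` in place of the constructed samples.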
github-actions bot commented Mar 3, 2025

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

@LinuxServer-CI
This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.