Comments (3)
I have the same problem
from ufw-docker.
Have a look at the iptables chains to see which rules are applied first. It seems the ufw rules are applied before the fail2ban rules (named "f2b-...").
In addition, ensure that fail2ban prepends the reject rules in the DOCKER-USER chain (or FORWARD chain), so they are applied before the ufw rules.
btw: we are using fail2ban as a container (https://github.com/linuxserver/docker-fail2ban -> https://github.com/linuxserver/fail2ban-confs/blob/master/README.md) and our fail2ban / ufw-docker setup works as expected.
It seems that fail2ban should deny forwarding as well for blocking packets to docker containers. The following conf works for me:
/etc/fail2ban/action.d/ufw.conf
# Fail2Ban action configuration file for ufw
#
# You are required to run "ufw enable" before this will have any effect.
#
# The insert position should be appropriate to block the required traffic.
# A number after an allow rule to the application won't be of much use.
[Definition]
actionstart =
actionstop =
actioncheck =
actionban = [ -n "<application>" ] && app="app <application>"
            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app &&
            ufw route insert <insertpos> <blocktype> from <ip> to <destination> $app
actionunban = [ -n "<application>" ] && app="app <application>"
              ufw delete <blocktype> from <ip> to <destination> $app &&
              ufw route delete <blocktype> from <ip> to <destination> $app
[Init]
# Option: insertpos
# Notes.: The position number in the firewall list to insert the block rule
insertpos = 1
# Option: blocktype
# Notes.: reject or deny
blocktype = deny
# Option: destination
# Notes.: The destination address to block in the ufw rule
destination = any
# Option: application
# Notes.: application from sudo ufw app list
application =
# DEV NOTES:
#
# Author: Guilhem Lettron
# Enhancements: Daniel Black
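Both comments above come down to rule order: a fail2ban ban only works if its f2b-* jump sits ahead of the ufw jumps in the chain that sees the container traffic (DOCKER-USER or FORWARD). The script below is an added example, not code from the thread or from ufw-docker or fail2ban; it reads `iptables -S <chain>` output and reports whether the first f2b-* jump comes before the first ufw-* jump. The sample listings and the jail chain name f2b-sshd are constructed for illustration and are not taken from the page.

```shell
#!/bin/sh
# Added example: check that fail2ban's f2b-* chain jumps sit ahead of the ufw
# jumps in a given chain, so a banned IP is rejected before ufw's allow rules
# for published container ports can match.
#
# Reads `iptables -S <chain>` style output on stdin.
# Exit status: 0 = fail2ban rules precede ufw rules (or no ufw rules present)
#              1 = ufw rules come first and would shadow the fail2ban bans
#              2 = no f2b-* rule found in the chain at all
f2b_before_ufw() {
    awk '
        /^-A / {
            n++
            tgt = ""
            for (i = 1; i < NF; i++) if ($i == "-j") tgt = $(i + 1)
            if (tgt ~ /^f2b-/ && first_f2b == 0) first_f2b = n
            if (tgt ~ /^ufw-/ && first_ufw == 0) first_ufw = n
        }
        END {
            if (first_f2b == 0) exit 2
            if (first_ufw == 0) exit 0
            if (first_f2b < first_ufw) exit 0
            exit 1
        }'
}

# Live check against the running firewall (needs root), e.g.:
#   check_chain DOCKER-USER ; check_chain FORWARD
check_chain() {
    iptables -S "$1" | f2b_before_ufw
    rc=$?
    case $rc in
        0) echo "$1: fail2ban rules are applied before ufw rules" ;;
        1) echo "$1: ufw rules come first; fail2ban bans are shadowed" ;;
        2) echo "$1: no f2b-* rule in this chain" ;;
    esac
    return $rc
}

# Constructed sample listings (chain and jail names are illustrative only).
SAMPLE_OK='-N DOCKER-USER
-A DOCKER-USER -j f2b-sshd
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j RETURN'

SAMPLE_SHADOWED='-N DOCKER-USER
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j f2b-sshd
-A DOCKER-USER -j RETURN'

SAMPLE_NO_F2B='-N DOCKER-USER
-A DOCKER-USER -j ufw-user-forward
-A DOCKER-USER -j RETURN'

# Run the check over the constructed samples when executed stand-alone.
for name in SAMPLE_OK SAMPLE_SHADOWED SAMPLE_NO_F2B; do
    eval "listing=\$$name"
    printf '%s\n' "$listing" | f2b_before_ufw; echo "$name -> exit $?"
done
```

The same function can be pointed at the real chains with `check_chain DOCKER-USER` and `check_chain FORWARD` as root after fail2ban has banned something; an exit status of 1 is the symptom the first comment describes, and the fix is the `insertpos = 1` / `ufw route insert` action from the second comment.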