docker-fail2ban:1.1.0 compatibility issue with Synology #164

ngthwi · 2024-05-08T19:10:33Z

Support guidelines

I've read the support guidelines

I've found a bug and checked that ...

... the documentation does not mention anything about my problem
... there are no open or closed issues that are related to my problem

Description

Since crazymax/fail2ban:1.1.0, IPs are no longer banned.

Expected behaviour

IPs are banned without errors (last working version 1.0.2)

Actual behaviour

2024-05-08 19:46:52,765 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- exec: { iptables -w -C f2b-my-app -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-my-app || true; iptables -w -A f2b-my-app -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-my-app >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-my-app; }
done
2024-05-08 19:46:52,766 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'

Steps to reproduce

Deploy f2b container

#---
#Docker-compose file for Fail2ban
#--- 
version: '3'
services:
  fail2ban:
    container_name: fail2ban
    restart: always
    image: crazymax/fail2ban:latest #currently 1.1.0
    environment: 
    - TZ=Europe/London
    - F2B_DB_PURGE_AGE=30d  # optional
    - F2B_LOG_TARGET=/data/fail2ban.log # optional

    volumes:
    - /volumeX/docker/fail2ban:/data
    - /volumeX/docker/my-app.log:/log/my-app.log:ro 

    network_mode: "host"

    cap_add:
        - NET_ADMIN
        - NET_RAW

ban an IP

Docker info

Client:
Context:    default
Debug Mode: false

Server:
Containers: x
 Running: x
 Paused: x
 Stopped: x
Images: x
Server Version: 20.10.23
Storage Driver: btrfs
 Build Version: Btrfs v4.0
 Library Version: 101
Logging Driver: db
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
 Volume: local
 Network: bridge host ipvlan null overlay
 Log: awslogs db fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b23a389d8c181697302d163356e97dec04eb8d88
runc version: 5af893d
init version: ed96d00
Security Options:
 apparmor
Kernel Version: 4.4.302+
Operating System: DiskStation
(containerized)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.238GiB
Name: xxxxx
ID: xxxxxxxxxxxxxccc
Docker Root Dir: /volume1/@docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
http://127.0.0.0/8
Live Restore Enabled: false

WARNING: No kernel memory TCP limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No blkio throttle.read_bps_device support
WARNING: No blkio throttle.write_bps_device support
WARNING: No blkio throttle.read_iops_device support
WARNING: No blkio throttle.write_iops_device support

Docker Compose config

No response

Logs

2024-05-07 23:21:18,553 fail2ban.server         [1]: INFO    --------------------------------------------------
2024-05-07 23:21:18,568 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0
2024-05-07 23:21:18,570 fail2ban.observer       [1]: INFO    Observer start...
2024-05-07 23:21:18,974 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2024-05-07 23:21:19,861 fail2ban.jail           [1]: INFO    Creating new jail 'my-app'
2024-05-07 23:21:19,862 fail2ban.jail           [1]: INFO    Jail 'my-app' uses pyinotify {}
2024-05-07 23:21:19,863 fail2ban.jail           [1]: INFO    Initiated 'pyinotify' backend
2024-05-07 23:21:19,865 fail2ban.filter         [1]: INFO      maxRetry: 4
2024-05-07 23:21:19,865 fail2ban.filter         [1]: INFO      findtime: 600
2024-05-07 23:21:19,865 fail2ban.actions        [1]: INFO      banTime: 86400
2024-05-07 23:21:19,866 fail2ban.filter         [1]: INFO      encoding: UTF-8
2024-05-07 23:21:19,866 fail2ban.filter         [1]: INFO    Added logfile: '/log/my-app.log' (pos = 478097, hash = 9b7e7e45c84f4f287233dd1d9e01267571c5e4c1)
2024-05-07 23:21:19,875 fail2ban.jail           [1]: INFO    Jail 'my-app' started
2024-05-08 19:46:45,717 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #xxx-local-IP-xxx: [Errno -2] Name does not resolve
2024-05-08 19:46:45,796 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #: [Errno -2] Name does not resolve
2024-05-08 19:46:45,858 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for optional: [Errno -2] Name does not resolve
2024-05-08 19:46:45,859 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-08 19:46:45
2024-05-08 19:46:48,634 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-08 19:46:48
2024-05-08 19:46:50,170 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-08 19:46:50
2024-05-08 19:46:51,509 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-08 19:46:51
2024-05-08 19:46:52,294 fail2ban.actions        [1]: NOTICE  [my-app] Ban xxx-IP-TO-BAN-xxx
2024-05-08 19:46:52,765 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- exec: { iptables -w -C f2b-my-app -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-my-app || true; iptables -w -A f2b-my-app -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-my-app >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-my-app; }
done
2024-05-08 19:46:52,766 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-08 19:46:52,766 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-08 19:46:52,766 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-08 19:46:52,766 fail2ban.utils          [1]: ERROR   7f0cdf6510b0 -- returned 4
2024-05-08 19:46:52,766 fail2ban.actions        [1]: ERROR   Failed to execute ban jail 'my-app' action 'iptables-allports' info 'ActionInfo({'ip': 'xxx-IP-TO-BAN-xxx', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f0cdfc6a2a0>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f0cdfc6aa20>})': Error starting action Jail('my-app')/iptables-allports: 'Script error'

Additional info

No response

The text was updated successfully, but these errors were encountered:

crazy-max · 2024-05-09T07:15:49Z

Thanks for your report, can you give the output of the following commands please?:

$ docker run -it --rm alpine:3.18 /bin/sh -c "apk add iptables && iptables -v"
$ docker run -it --rm alpine:3.19 /bin/sh -c "apk add iptables && iptables -v"

I believe this is an issue linked to the update to Alpine 3.19.

crazy-max · 2024-05-09T07:58:03Z

Can you try with crazymax/fail2ban:edge?

ngthwi · 2024-05-09T08:29:20Z

Thanks for your report, can you give the output of the following commands please?:
$ docker run -it --rm alpine:3.18 /bin/sh -c "apk add iptables && iptables -v"
$ docker run -it --rm alpine:3.19 /bin/sh -c "apk add iptables && iptables -v"
I believe this is an issue linked to the update to Alpine 3.19.

Both command outputs were:

the input device is not a TTY

Can you try with crazymax/fail2ban:edge?

The error remains:

2024-05-09 10:03:30,689 fail2ban.server         [1]: INFO    --------------------------------------------------
2024-05-09 10:03:30,689 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0
2024-05-09 10:03:30,690 fail2ban.observer       [1]: INFO    Observer start...
2024-05-09 10:03:30,789 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2024-05-09 10:03:32,446 fail2ban.jail           [1]: INFO    Creating new jail 'my-app'
2024-05-09 10:03:32,447 fail2ban.jail           [1]: INFO    Jail 'my-app' uses pyinotify {}
2024-05-09 10:03:32,448 fail2ban.jail           [1]: INFO    Initiated 'pyinotify' backend
2024-05-09 10:03:32,450 fail2ban.filter         [1]: INFO      maxRetry: 4
2024-05-09 10:03:32,450 fail2ban.filter         [1]: INFO      findtime: 600
2024-05-09 10:03:32,451 fail2ban.actions        [1]: INFO      banTime: 86400
2024-05-09 10:03:32,451 fail2ban.filter         [1]: INFO      encoding: UTF-8
2024-05-09 10:03:32,452 fail2ban.filter         [1]: INFO    Added logfile: '/log/my-app.log' (pos = 491743, hash = 9b7e7e45c84f4f287233dd1d9e01267571c5e4c1)
2024-05-09 10:03:32,462 fail2ban.jail           [1]: INFO    Jail 'my-app' started
2024-05-09 10:05:26,870 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #xxx-local-IP-xxx: [Errno -2] Name does not resolve
2024-05-09 10:05:26,909 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #: [Errno -2] Name does not resolve
2024-05-09 10:05:26,946 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for optional: [Errno -2] Name does not resolve
2024-05-09 10:05:26,946 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:26
2024-05-09 10:05:27,956 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:27
2024-05-09 10:05:29,813 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:29
2024-05-09 10:05:30,946 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:30
2024-05-09 10:05:31,091 fail2ban.actions        [1]: NOTICE  [my-app] Ban xxx-IP-TO-BAN-xxx
2024-05-09 10:05:31,921 fail2ban.utils          [1]: ERROR   7fdbd1ca59b0 -- exec: { iptables -w -C f2b-my-app -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-my-app || true; iptables -w -A f2b-my-app -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-my-app >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-my-app; }
done
2024-05-09 10:05:31,921 fail2ban.utils          [1]: ERROR   7fdbd1ca59b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 10:05:31,921 fail2ban.utils          [1]: ERROR   7fdbd1ca59b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 10:05:31,921 fail2ban.utils          [1]: ERROR   7fdbd1ca59b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 10:05:31,922 fail2ban.utils          [1]: ERROR   7fdbd1ca59b0 -- returned 4
2024-05-09 10:05:31,922 fail2ban.actions        [1]: ERROR   Failed to execute ban jail 'my-app' action 'iptables-allports' info 'ActionInfo({'ip': 'xxx-IP-TO-BAN-xxx', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fdbd22ce200>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fdbd22ce980>})': Error starting action Jail('my-app')/iptables-allports: 'Script error'
2024-05-09 10:05:32,205 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:32
2024-05-09 10:05:33,724 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:33
2024-05-09 10:05:37,109 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 10:05:36

crazy-max · 2024-05-09T14:39:39Z

@ngthwi Thanks for your feedback. I made some changes in #167 that should fix your issue. Can you pull crazymax/fail2ban:edge and try again?

ngthwi · 2024-05-09T15:42:28Z

Unfortunately still an error…
ps: thanks for your work and your time


2024-05-09 17:13:33,956 fail2ban.server         [1]: INFO    --------------------------------------------------
2024-05-09 17:13:33,956 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0
2024-05-09 17:13:34,086 fail2ban.observer       [1]: INFO    Observer start...
2024-05-09 17:13:34,458 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2024-05-09 17:13:35,832 fail2ban.jail           [1]: INFO    Creating new jail 'my-app'
2024-05-09 17:13:35,832 fail2ban.jail           [1]: INFO    Jail 'my-app' uses pyinotify {}
2024-05-09 17:13:35,833 fail2ban.jail           [1]: INFO    Initiated 'pyinotify' backend
2024-05-09 17:13:35,835 fail2ban.filter         [1]: INFO      maxRetry: 4
2024-05-09 17:13:35,835 fail2ban.filter         [1]: INFO      findtime: 600
2024-05-09 17:13:35,836 fail2ban.actions        [1]: INFO      banTime: 86400
2024-05-09 17:13:35,836 fail2ban.filter         [1]: INFO      encoding: UTF-8
2024-05-09 17:13:35,837 fail2ban.filter         [1]: INFO    Added logfile: '/log/my-app.log' (pos = 549040, hash = 9b7e7e45c84f4f287233dd1d9e01267571c5e4c1)
2024-05-09 17:13:36,640 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #xxx-local-IP-xxx: [Errno -2] Name does not resolve
2024-05-09 17:13:36,665 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #: [Errno -2] Name does not resolve
2024-05-09 17:13:36,830 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for optional: [Errno -2] Name does not resolve
2024-05-09 17:13:36,831 fail2ban.jail           [1]: INFO    Jail 'my-app' started
2024-05-09 17:13:37,225 fail2ban.actions        [1]: NOTICE  [my-app] Restore Ban xxx-IP-TO-BAN-xxx
2024-05-09 17:13:38,024 fail2ban.utils          [1]: ERROR   7f76657299b0 -- exec: { iptables -w -C f2b-my-app -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-my-app || true; iptables -w -A f2b-my-app -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-my-app >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-my-app; }
done
2024-05-09 17:13:38,024 fail2ban.utils          [1]: ERROR   7f76657299b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 17:13:38,024 fail2ban.utils          [1]: ERROR   7f76657299b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 17:13:38,024 fail2ban.utils          [1]: ERROR   7f76657299b0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-05-09 17:13:38,025 fail2ban.utils          [1]: ERROR   7f76657299b0 -- returned 4
2024-05-09 17:13:38,026 fail2ban.actions        [1]: ERROR   Failed to execute ban jail 'my-app' action 'iptables-allports' info 'ActionInfo({'ip': 'xxx-IP-TO-BAN-xxx', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f7665d52200>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f7665d52980>})': Error starting action Jail('my-app')/iptables-allports: 'Script error'
2024-05-09 17:15:22,976 fail2ban.server         [1]: INFO    Shutdown in progress...
2024-05-09 17:15:22,976 fail2ban.observer       [1]: INFO    Observer stop ... try to end queue 5 seconds
2024-05-09 17:15:22,997 fail2ban.observer       [1]: INFO    Observer stopped, 0 events remaining.
2024-05-09 17:15:23,037 fail2ban.server         [1]: INFO    Stopping all jails
2024-05-09 17:15:23,039 fail2ban.filter         [1]: INFO    Removed logfile: '/log/my-app.log'
2024-05-09 17:15:23,261 fail2ban.actions        [1]: NOTICE  [my-app] Flush ticket(s) with iptables-allports
2024-05-09 17:15:23,261 fail2ban.actions        [1]: NOTICE  [my-app] Unban xxx-IP-TO-BAN-xxx
2024-05-09 17:15:23,263 fail2ban.jail           [1]: INFO    Jail 'my-app' stopped
2024-05-09 17:15:23,264 fail2ban.database       [1]: INFO    Connection to database closed.
2024-05-09 17:15:23,264 fail2ban.server         [1]: INFO    Exiting Fail2ban

crazy-max · 2024-05-09T15:45:48Z

Can you give full logs please similar to https://github.com/crazy-max/docker-fail2ban/actions/runs/9018916105/job/24780580461#step:8:10:

fail2ban  | Setting timezone to Europe/Paris...
fail2ban  | Setting SSMTP configuration...
fail2ban  | WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails
fail2ban  | Initializing files and folders...
fail2ban  | Setting Fail2ban configuration...
fail2ban  | Checking for custom actions in /data/action.d...
fail2ban  | Checking for custom filters in /data/filter.d...
fail2ban  | WARNING: iptables-legacy enforced
fail2ban  | iptables v1.8.10 (legacy)
fail2ban  | nftables v1.0.9 (Old Doc Yak #3)
fail2ban  | 2024-05-09 16:35:40,812 fail2ban.configreader   [1]: INFO    Loading configs for fail2ban under /etc/fail2ban 
fail2ban  | 2024-05-09 16:35:40,813 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
fail2ban  | 2024-05-09 16:35:40,814 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
fail2ban  | 2024-05-09 16:35:40,814 fail2ban                [1]: INFO    Using socket file /var/run/fail2ban/fail2ban.sock
fail2ban  | 2024-05-09 16:35:40,814 fail2ban                [1]: INFO    Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to STDOUT
fail2ban  | 2024-05-09 16:35:40,816 fail2ban.configreader   [1]: INFO    Loading configs for jail under /etc/fail2ban 
fail2ban  | 2024-05-09 16:35:40,816 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/jail.conf']
fail2ban  | 2024-05-09 16:35:40,819 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-debian.conf']
fail2ban  | 2024-05-09 16:35:40,820 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf']
fail2ban  | 2024-05-09 16:35:40,820 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-overrides.local']
fail2ban  | 2024-05-09 16:35:40,820 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf']
fail2ban  | 2024-05-09 16:35:40,854 fail2ban.server         [1]: INFO    --------------------------------------------------
fail2ban  | 2024-05-09 16:35:40,854 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0
fail2ban  | 2024-05-09 16:35:40,855 fail2ban.observer       [1]: INFO    Observer start...
fail2ban  | 2024-05-09 16:35:40,861 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
fail2ban  | 2024-05-09 16:35:40,864 fail2ban.database       [1]: WARNING New database created. Version '4'
fail2ban  | Server ready

ngthwi · 2024-05-09T16:19:28Z

Sorry I'm confused... I forgot to repull the image...
It's fixed now!
Thank you very much

ngthwi · 2024-05-09T16:44:50Z

Can you give full logs please similar to https://github.com/crazy-max/docker-fail2ban/actions/runs/9018916105/job/24780580461#step:8:10:

Setting timezone to Europe/Brussels...
Setting SSMTP configuration...
WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
  Add custom action iptables.local...
Checking for custom filters in /data/filter.d...
  Add custom filter my-app.conf...
WARNING: iptables-nft is not supported by the host, falling back to iptables-legacy
iptables v1.8.10 (legacy)
nftables v1.0.9 (Old Doc Yak #3)
2024-05-09 18:12:43,399 fail2ban.configreader   [1]: INFO    Loading configs for fail2ban under /etc/fail2ban 
2024-05-09 18:12:43,400 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
2024-05-09 18:12:43,402 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
2024-05-09 18:12:43,402 fail2ban                [1]: INFO    Using socket file /var/run/fail2ban/fail2ban.sock
2024-05-09 18:12:43,403 fail2ban                [1]: INFO    Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to /data/fail2ban.log
2024-05-09 18:12:43,407 fail2ban.configreader   [1]: INFO    Loading configs for jail under /etc/fail2ban 
2024-05-09 18:12:43,408 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/jail.conf']
2024-05-09 18:12:43,462 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-debian.conf']
2024-05-09 18:12:43,631 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf']
2024-05-09 18:12:43,652 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-overrides.local']
2024-05-09 18:12:43,849 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/jail.d/my-app.conf']
2024-05-09 18:12:43,850 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/my-app.conf']
2024-05-09 18:12:43,913 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/common.conf']
2024-05-09 18:12:43,948 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/common.local']
2024-05-09 18:12:43,951 fail2ban.configreader   [1]: INFO    Loading configs for action.d/iptables-allports under /etc/fail2ban 
2024-05-09 18:12:43,952 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables-allports.conf']
2024-05-09 18:12:43,953 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables.conf']
2024-05-09 18:12:43,965 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables.local']
2024-05-09 18:12:43,968 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables.conf', '/etc/fail2ban/action.d/iptables.local', '/etc/fail2ban/action.d/iptables-allports.conf']
[edited]
2024-05-09 18:12:43,997 fail2ban.configreader   [1]: INFO    Loading configs for filter.d/my-app under /etc/fail2ban 
2024-05-09 18:12:43,998 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/my-app.conf']
2024-05-09 18:12:43,998 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/my-app.conf']
INFO   [#          ] Waiting on the server...
#  # # #
                                             
Server ready

ngthwi · 2024-05-09T16:45:54Z

2024-05-09 18:12:47,511 fail2ban.server         [1]: INFO    --------------------------------------------------
2024-05-09 18:12:47,516 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0
2024-05-09 18:12:47,518 fail2ban.observer       [1]: INFO    Observer start...
2024-05-09 18:12:48,013 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2024-05-09 18:12:49,528 fail2ban.jail           [1]: INFO    Creating new jail 'my-app'
2024-05-09 18:12:49,528 fail2ban.jail           [1]: INFO    Jail 'my-app' uses pyinotify {}
2024-05-09 18:12:49,529 fail2ban.jail           [1]: INFO    Initiated 'pyinotify' backend
2024-05-09 18:12:49,531 fail2ban.filter         [1]: INFO      maxRetry: 4
2024-05-09 18:12:49,532 fail2ban.filter         [1]: INFO      findtime: 600
2024-05-09 18:12:49,532 fail2ban.actions        [1]: INFO      banTime: 86400
2024-05-09 18:12:49,533 fail2ban.filter         [1]: INFO      encoding: UTF-8
2024-05-09 18:12:49,533 fail2ban.filter         [1]: INFO    Added logfile: '/log/my-app.log' (pos = 549040, hash = 9b7e7e45c84f4f287233dd1d9e01267571c5e4c1)
2024-05-09 18:12:50,130 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #xxx-local-IP-xxx/16: [Errno -2] Name does not resolve
2024-05-09 18:12:50,131 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for #: [Errno -2] Name does not resolve
2024-05-09 18:12:50,133 fail2ban.ipdns          [1]: WARNING Unable to find a corresponding IP address for optional: [Errno -2] Name does not resolve
2024-05-09 18:12:50,133 fail2ban.jail           [1]: INFO    Jail 'my-app' started
2024-05-09 18:12:50,172 fail2ban.actions        [1]: NOTICE  [my-app] Restore Ban xxx-IP-TO-BAN-xxx
2024-05-09 18:16:17,562 fail2ban.actions        [1]: NOTICE  [my-app] Unban xxx-IP-TO-BAN-xxx
2024-05-09 18:16:58,131 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 18:16:58
2024-05-09 18:16:59,917 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 18:16:59
2024-05-09 18:17:01,733 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 18:17:01
2024-05-09 18:17:03,280 fail2ban.filter         [1]: INFO    [my-app] Found xxx-IP-TO-BAN-xxx - 2024-05-09 18:17:03
2024-05-09 18:17:03,654 fail2ban.actions        [1]: NOTICE  [my-app] Ban xxx-IP-TO-BAN-xxx

lluisd · 2024-10-24T11:00:51Z

in my case is not working

---
services:
  fail2ban:
    image: crazymax/fail2ban:edge
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1032
      - PGID=100
      - TZ=Europe/Madrid
    volumes:
      - /volume1/docker/fail2ban/data:/data
      #- /var/log:/var/log:ro
      - /volume1/docker/jellyfin/config/log:/remotelogs/jellyfin:ro
    restart: unless-stopped

Logs:

Setting timezone to Europe/Madrid...

Setting SSMTP configuration...

WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails

Initializing files and folders...

Setting Fail2ban configuration...

Checking for custom actions in /data/action.d...

Checking for custom filters in /data/filter.d...

  Add custom filter jellyfin.conf...

WARNING: iptables-nft is not supported by the host, falling back to iptables-legacy

iptables v1.8.10 (legacy)

nftables v1.0.9 (Old Doc Yak #3)

2024-10-24 13:02:44,550 fail2ban.configreader   [1]: INFO    Loading configs for fail2ban under /etc/fail2ban 

2024-10-24 13:02:44,551 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']

2024-10-24 13:02:44,552 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']

2024-10-24 13:02:44,552 fail2ban                [1]: INFO    Using socket file /var/run/fail2ban/fail2ban.sock

2024-10-24 13:02:44,553 fail2ban                [1]: INFO    Using pid file /var/run/fail2ban/fail2ban.pid, [INFO] logging to STDOUT

2024-10-24 13:02:44,557 fail2ban.configreader   [1]: INFO    Loading configs for jail under /etc/fail2ban 

2024-10-24 13:02:44,558 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/jail.conf']

2024-10-24 13:02:44,566 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-debian.conf']

2024-10-24 13:02:44,567 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf']

2024-10-24 13:02:44,568 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-overrides.local']

2024-10-24 13:02:44,569 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/jail.d/jellyfin.local']

2024-10-24 13:02:44,569 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/jellyfin.local']

2024-10-24 13:02:44,578 fail2ban.configreader   [1]: INFO    Loading configs for filter.d/jellyfin under /etc/fail2ban 

2024-10-24 13:02:44,579 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/jellyfin.conf']

2024-10-24 13:02:44,579 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/filter.d/jellyfin.conf']

2024-10-24 13:02:44,581 fail2ban.configreader   [1]: INFO    Loading configs for action.d/iptables-allports under /etc/fail2ban 

2024-10-24 13:02:44,582 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables-allports.conf']

2024-10-24 13:02:44,583 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables.conf']

2024-10-24 13:02:44,585 fail2ban.configparserinc[1]: INFO      Loading files: ['/etc/fail2ban/action.d/iptables.conf', '/etc/fail2ban/action.d/iptables-allports.conf']

2024-10-24 13:02:44,684 fail2ban.server         [1]: INFO    --------------------------------------------------

2024-10-24 13:02:44,684 fail2ban.server         [1]: INFO    Starting Fail2ban v1.1.0

2024-10-24 13:02:44,685 fail2ban.observer       [1]: INFO    Observer start...

2024-10-24 13:02:44,695 fail2ban.database       [1]: INFO    Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'

2024-10-24 13:02:44,696 fail2ban.jail           [1]: INFO    Creating new jail 'jellyfin'

2024-10-24 13:02:44,711 fail2ban.jail           [1]: INFO    Jail 'jellyfin' uses pyinotify {}

2024-10-24 13:02:44,712 fail2ban.jail           [1]: INFO    Initiated 'pyinotify' backend

2024-10-24 13:02:44,715 fail2ban.filter         [1]: INFO      maxRetry: 3

2024-10-24 13:02:44,717 fail2ban.filter         [1]: INFO      findtime: 43200

2024-10-24 13:02:44,718 fail2ban.actions        [1]: INFO      banTime: 86400

2024-10-24 13:02:44,718 fail2ban.filter         [1]: INFO      encoding: UTF-8

2024-10-24 13:02:44,718 fail2ban.filter         [1]: INFO    Added logfile: '/remotelogs/jellyfin/log_20241022.log' (pos = 50177, hash = 60e13c1db3e2c2700a452c063c947c3256c584ad)

2024-10-24 13:02:44,719 fail2ban.filter         [1]: INFO    Added logfile: '/remotelogs/jellyfin/log_20241023.log' (pos = 129611, hash = d1b5dde52367b2d7b57b2309c24960c74f1993a1)

2024-10-24 13:02:44,719 fail2ban.filter         [1]: INFO    Added logfile: '/remotelogs/jellyfin/log_20241024.log' (pos = 64518, hash = 02b4e0cc8920b9019966231c30a2fd1d858ce441)

2024-10-24 13:02:44,735 fail2ban.jail           [1]: INFO    Jail 'jellyfin' started

�
Server ready

2024-10-24 13:02:44,921 fail2ban.actions        [1]: NOTICE  [jellyfin] Restore Ban x.x.x.x
2024-10-24 13:02:44,976 fail2ban.utils          [1]: ERROR   7febec525c50 -- exec: iptables -w -I f2b-jellyfin 1 -s x.x.x.x -j REJECT --reject-with icmp-port-unreachable

2024-10-24 13:02:44,977 fail2ban.utils          [1]: ERROR   7febec525c50 -- stderr: 'Warning: Extension REJECT revision 0 not supported, missing kernel module?'

2024-10-24 13:02:44,977 fail2ban.utils          [1]: ERROR   7febec525c50 -- stderr: 'iptables: No chain/target/match by that name.'

2024-10-24 13:02:44,978 fail2ban.utils          [1]: ERROR   7febec525c50 -- returned 1

2024-10-24 13:02:44,995 fail2ban.utils          [1]: ERROR   7febec525c50 -- exec: iptables -w -I f2b-jellyfin 1 -s x.x.x.x -j REJECT --reject-with icmp-port-unreachable

2024-10-24 13:02:44,996 fail2ban.utils          [1]: ERROR   7febec525c50 -- stderr: 'Warning: Extension REJECT revision 0 not supported, missing kernel module?'

2024-10-24 13:02:44,996 fail2ban.utils          [1]: ERROR   7febec525c50 -- stderr: 'iptables: No chain/target/match by that name.'

2024-10-24 13:02:44,996 fail2ban.utils          [1]: ERROR   7febec525c50 -- returned 1

2024-10-24 13:02:44,996 fail2ban.actions        [1]: ERROR   Failed to execute ban jail 'jellyfin' action 'iptables-allports' info 'ActionInfo({'ip': 'x.x.x.x', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7febec4b5a80>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7febec4b6200>})': Error banning x.x.x.x

ngthwi added kind/bug status/triage labels May 8, 2024

ngthwi mentioned this issue May 8, 2024

iptables-common not working sosandroid/docker-fail2ban-synology#6

Open

ngthwi changed the title ~~Synology compatibility issue with docker-fail2ban:1.1.0~~ docker-fail2ban:1.1.0 compatibility issue with Synology May 8, 2024

crazy-max added status/needs-investigation and removed status/triage labels May 9, 2024

crazy-max mentioned this issue May 9, 2024

iptables-legacy support for older kernels #165

Merged

crazy-max closed this as completed in #165 May 9, 2024

crazy-max reopened this May 9, 2024

This was referenced May 9, 2024

use iptables-wrappers to switch between legacy and nft #166

Closed

fallback to iptables-legacy if host doesn't support nft #167

Merged

crazy-max closed this as completed in #167 May 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docker-fail2ban:1.1.0 compatibility issue with Synology #164

docker-fail2ban:1.1.0 compatibility issue with Synology #164

ngthwi commented May 8, 2024 •

edited

Loading

crazy-max commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024 •

edited

Loading

ngthwi commented May 9, 2024

ngthwi commented May 9, 2024

lluisd commented Oct 24, 2024 •

edited

Loading

docker-fail2ban:1.1.0 compatibility issue with Synology #164

docker-fail2ban:1.1.0 compatibility issue with Synology #164

Comments

ngthwi commented May 8, 2024 • edited Loading

Support guidelines

I've found a bug and checked that ...

Description

Expected behaviour

Actual behaviour

Steps to reproduce

Docker info

Docker Compose config

Logs

Additional info

crazy-max commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024

crazy-max commented May 9, 2024

ngthwi commented May 9, 2024 • edited Loading

ngthwi commented May 9, 2024

ngthwi commented May 9, 2024

lluisd commented Oct 24, 2024 • edited Loading

ngthwi commented May 8, 2024 •

edited

Loading

ngthwi commented May 9, 2024 •

edited

Loading

lluisd commented Oct 24, 2024 •

edited

Loading