Mathias Stjernstrom

Block IPs on all ports with fail2ban on a docker host

Playing around with fail2ban on a local docker host, I found that when blocking a host, all docker containers with open ports were still accessible.

I tried several different ways of getting the IP block to really block everything.

These are some notes from the steps I took to solve the problem.

  • Update your package lists
apt update
  • Install fail2ban
apt install fail2ban
  • We do not edit the default jail.conf, since it can be overwritten by updates. Instead, we create a new config for fail2ban, jail.local.
vim /etc/fail2ban/jail.local

For this simple demonstration we are going to block all failed attempts over SSH, and we want to block the remote IP for 600 seconds, for all services and ports.

[sshd]
ignoreip = 127.0.0.1
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime  = 600
findtime = 600
action = iptables-allports[actname=sshd,name=sshd,protocol=all]
         iptables-allports[actname=sshd-docker,name=sshd-docker,protocol=all,chain=DOCKER]


The trick was to set up two actions: one for the normal chain/traffic and one for Docker's DOCKER chain.

Doing this blocks sessions not only to the host but also to all containers.
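
One way to check that a ban really covers both paths, as an added example that is not part of the original post: it parses `iptables -S` output and reports whether the INPUT and DOCKER chains each jump to a fail2ban chain holding a REJECT or DROP rule for the IP. The function names, the `f2b-<name>` chain naming, and the sample rules are assumptions constructed for illustration.

```sh
# Added example: check `iptables -S` output for fail2ban coverage of a banned IP.
# Assumption: fail2ban chains are named f2b-<name>, as in the constructed sample.

# ban_covers CHAIN IP: reads `iptables -S` text on stdin; succeeds when CHAIN
# jumps to an f2b-* chain that holds a REJECT or DROP rule for IP.
ban_covers() {
    awk -v parent="$1" -v ip="$2" '
        $1 == "-A" && $2 == parent {        # e.g. -A DOCKER -j f2b-sshd-docker
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) ~ /^f2b-/) jumps[$(i + 1)] = 1
        }
        $1 == "-A" && $2 ~ /^f2b-/ {        # e.g. -A f2b-sshd -s 203.0.113.7/32 -j REJECT
            src = ""; verdict = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") verdict = $(i + 1)
            }
            if ((src == ip || src == (ip "/32")) && (verdict == "REJECT" || verdict == "DROP"))
                banned[$2] = 1
        }
        END { for (c in jumps) if (c in banned) exit 0; exit 1 }'
}

# audit_ban IP RULES: one line per chain; non-zero status if any chain is uncovered.
audit_ban() {
    rc=0
    for chain in INPUT DOCKER; do
        if printf '%s\n' "$2" | ban_covers "$chain" "$1"; then
            echo "$chain: $1 banned"
        else
            echo "$chain: $1 NOT banned"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the state expected after the two-action jail bans 203.0.113.7.
SAMPLE_RULES='-A INPUT -j f2b-sshd
-A DOCKER -j f2b-sshd-docker
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-sshd-docker -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd-docker -j RETURN'
# Same host with only the first action configured (no jump from DOCKER).
HOST_ONLY_RULES=$(printf '%s\n' "$SAMPLE_RULES" | grep -v 'sshd-docker')
audit_ban 203.0.113.7 "$SAMPLE_RULES"
audit_ban 203.0.113.7 "$HOST_ONLY_RULES" || true
```

On a live host, run it as root with `audit_ban <ip> "$(iptables -S)"`. Docker manages the DOCKER chain itself, so repeat the check after restarting the Docker daemon.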
