fix: add NET_ADMIN/NET_RAW caps; fix ban rules for direct traffic

- docker-compose: add cap_add NET_ADMIN + NET_RAW — without these,
  iptables commands inside the container silently fail (permission denied)
  so bans were recorded in fail2ban but no rules were ever applied
- docker-npm.conf: add DOCKER-USER source IP rule so direct connections
  to NPM are blocked (INPUT rule only covers host services, not containers)
  xt_string rule now has || true so missing module doesn't abort the ban

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 17:00:57 +00:00
parent ec97c06d07
commit 4f0129053c
2 changed files with 12 additions and 6 deletions


@@ -21,6 +21,9 @@ services:
depends_on:
- npm
network_mode: host
cap_add:
- NET_ADMIN
- NET_RAW
environment:
PORT: "4000"
SUBNETS_TO_IGNORE: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
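Review bot: the new `cap_add: NET_ADMIN` / `NET_RAW` block sits on a service that already runs with `network_mode: host`, so these capabilities give the container full control over the host's netfilter tables and network stack, not just its own namespace; the hunk should make that grant as narrow as possible. Add `cap_drop: - ALL` immediately before the `cap_add:` entry so the service keeps only the two capabilities it needs, and note in the compose file (or the commit) that this container is now trusted to edit host iptables. Since the commit message says the previous failure mode was silent, it is also worth confirming after the change that `iptables -L DOCKER-USER` on the host shows the rule after a test ban, rather than relying on fail2ban's own ban record; the `|| true` added to the xt_string rule in the other file has the same masking risk and deserves the same check.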