mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: plug-and-play refactor — docker-npm action, CF support, whitelist live-update

Browse Source 
- Replace iptables-allports with docker-npm action (DOCKER-USER + xt_string
  X-Forwarded-For matching + INPUT chain) matching user's working setup
- Add telegram_notif.sh (deployed to /data/action.d/ at first run, user-editable)
- Add cloudflare.conf action; jail.cloudflare.local enabled via CF compose file
- Two compose files: docker-compose.yml (standard) and docker-compose.cloudflare.yml
- entrypoint: modprobe xt_string, DOCKER-USER chain check, CF jail auto-selection,
  telegram_notif.sh deployment to persistent volume on first run
- Fix whitelist live-update: addignoreip/delignoreip called alongside jail.local write
- Hardcode AUTOBAN_THR=75 and DEFAULT_DAYS=3 (remove env vars)
- Include Nginx Proxy Manager in both compose files with shared log bind mount
- Rewrite filters for actual NPM log format ([Client <HOST>] real IP extraction)
- Add DATA_DIR, Telegram, CF API key fields to .env.example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
gitea
2026-02-20 15:08:06 +00:00
parent dd7f8dd1a2
commit 920b69cfca
14 changed files with 446 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
fail2ban/action.d/docker-npm.conf Normal file
View File

@@ -0,0 +1,21 @@
[Definition]
# ── Lifecycle notifications ───────────────────────────────────────────────────
actionstart = bash /data/action.d/telegram_notif.sh -a start
actionstop = bash /data/action.d/telegram_notif.sh -a stop
# ── Ban ───────────────────────────────────────────────────────────────────────
# 1. DOCKER-USER: drops forwarded packets containing the banned IP in the
# X-Forwarded-For header — catches traffic coming through Cloudflare/CDN
# where the real client IP is forwarded as a header to NPM.
# 2. INPUT: drops direct connections from the banned IP at the host level.
# 3. Telegram notification (silent if TELEGRAM_BOT_TOKEN is unset).
actionban = iptables -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP
iptables -A INPUT -s <ip> -j DROP
bash /data/action.d/telegram_notif.sh -b <ip> -r "<name>"
# ── Unban ─────────────────────────────────────────────────────────────────────
# || true prevents failure if the rule was already removed (e.g. on restart).
actionunban = iptables -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP || true
iptables -D INPUT -s <ip> -j DROP || true
bash /data/action.d/telegram_notif.sh -u <ip>