Initial release: F2B Control Center v1.0

Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container. Features: - Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails - Web dashboard: live ban grid, log scanner, per-IP access log viewer - iptables-nft banning (DOCKER-USER + INPUT chains) - Optional Cloudflare WAF banning - Optional AbuseIPDB threat scoring - Two-tier IP management: whitelist (trusted) vs exempt (reviewed) - Auto log-file detection via logwatch (no restart needed for new NPM hosts)
2026-02-20 18:59:56 +00:00
commit c104e27506
24 changed files with 3333 additions and 0 deletions
--- a/fail2ban/action.d/cloudflare.conf
+++ b/fail2ban/action.d/cloudflare.conf
@@ -0,0 +1,33 @@
+[Definition]
+
+# Blocks/unblocks IPs at the Cloudflare account level via the Access Rules API.
+# Bans are enforced by Cloudflare before traffic reaches your server.
+# Enable by setting CF_EMAIL + CF_APIKEY in docker-compose.yml.
+#
+# NOTE: Uses the user-level API — applies across all zones on your account.
+# For zone-scoped rules replace the URL with:
+#   https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/firewall/access_rules/rules
+
+actionban = curl -s -X POST \
+              -H "X-Auth-Email: %(cf_email)s" \
+              -H "X-Auth-Key: %(cf_apikey)s" \
+              -H "Content-Type: application/json" \
+              -d "{\"mode\":\"block\",\"configuration\":{\"target\":\"ip\",\"value\":\"<ip>\"},\"notes\":\"f2b-cc: <name>\"}" \
+              "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
+              > /dev/null 2>&1 || true
+
+actionunban = RULE_ID=$(curl -s \
+                -H "X-Auth-Email: %(cf_email)s" \
+                -H "X-Auth-Key: %(cf_apikey)s" \
+                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?configuration_target=ip&configuration_value=<ip>&mode=block&page=1&per_page=1" | \
+                jq -r '.result[0].id // empty' 2>/dev/null) ; \
+              [ -n "$RULE_ID" ] && \
+              curl -s -X DELETE \
+                -H "X-Auth-Email: %(cf_email)s" \
+                -H "X-Auth-Key: %(cf_apikey)s" \
+                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$RULE_ID" \
+                > /dev/null 2>&1 || true
+
+[Init]
+cf_email  =
+cf_apikey =