Initial release: F2B Control Center v1.0

Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container. Features: - Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails - Web dashboard: live ban grid, log scanner, per-IP access log viewer - iptables-nft banning (DOCKER-USER + INPUT chains) - Optional Cloudflare WAF banning - Optional AbuseIPDB threat scoring - Two-tier IP management: whitelist (trusted) vs exempt (reviewed) - Auto log-file detection via logwatch (no restart needed for new NPM hosts)
2026-02-20 18:59:56 +00:00
commit c104e27506
24 changed files with 3333 additions and 0 deletions
--- a/fail2ban/jail.cloudflare.local
+++ b/fail2ban/jail.cloudflare.local
@@ -0,0 +1,74 @@
+# ── F2B Control Center — jail configuration (Cloudflare) ─────────────────────
+# Installed when CF_EMAIL + CF_APIKEY are set in docker-compose.yml.
+# Adds the Cloudflare WAF action to every jail alongside iptables.
+# Credentials are injected from environment — not stored here.
+# ─────────────────────────────────────────────────────────────────────────────
+
+[DEFAULT]
+bantime    = 1h
+findtime   = 10m
+maxretry   = 5
+allowipv6  = auto
+
+# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
+# Updated live by the dashboard — do not edit by hand.
+ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+
+# Cloudflare credentials — set CF_EMAIL and CF_APIKEY in docker-compose.yml.
+cf_email  = %(ENV[CF_EMAIL])s
+cf_apikey = %(ENV[CF_APIKEY])s
+
+# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
+[badbot]
+enabled  = true
+filter   = badbot
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 24h
+findtime = 10m
+maxretry = 3
+action   = docker-npm
+           cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
+
+# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
+[http-errors]
+enabled  = true
+filter   = http-errors
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 1h
+findtime = 5m
+maxretry = 15
+action   = docker-npm
+           cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
+
+# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
+[npm-probe]
+enabled  = true
+filter   = npm-probe
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 48h
+findtime = 30m
+maxretry = 3
+action   = docker-npm
+           cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
+
+# ── Manual Bans ───────────────────────────────────────────────────────────────
+[manual-bans]
+enabled  = true
+filter   = manual-bans
+logpath  = /dev/null
+bantime  = -1
+findtime = 1d
+maxretry = 1
+action   = docker-npm
+           cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
+
+# ── Recidive — repeat offenders ───────────────────────────────────────────────
+[recidive]
+enabled  = false
+filter   = recidive
+logpath  = /var/log/fail2ban.log
+bantime  = 7d
+findtime = 1d
+maxretry = 3
+action   = docker-npm
+           cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]