Initial release: F2B Control Center v1.0

Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container. Features: - Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails - Web dashboard: live ban grid, log scanner, per-IP access log viewer - iptables-nft banning (DOCKER-USER + INPUT chains) - Optional Cloudflare WAF banning - Optional AbuseIPDB threat scoring - Two-tier IP management: whitelist (trusted) vs exempt (reviewed) - Auto log-file detection via logwatch (no restart needed for new NPM hosts)
2026-02-20 18:59:56 +00:00
commit c104e27506
24 changed files with 3333 additions and 0 deletions
--- a/fail2ban/jail.local
+++ b/fail2ban/jail.local
@@ -0,0 +1,69 @@
+# ── F2B Control Center — jail configuration ───────────────────────────────────
+# Installed to /etc/fail2ban/jail.local on first container start.
+# Persisted in the f2b-config Docker volume — survives image updates.
+#
+# CLOUDFLARE: set CF_EMAIL + CF_APIKEY in docker-compose.yml to enable WAF banning.
+# ─────────────────────────────────────────────────────────────────────────────
+
+[DEFAULT]
+bantime    = 1h
+findtime   = 10m
+maxretry   = 5
+allowipv6  = auto
+
+# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
+# Updated live by the dashboard — do not edit by hand.
+ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+
+# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
+[badbot]
+enabled  = true
+filter   = badbot
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 24h
+findtime = 10m
+maxretry = 3
+action   = docker-npm
+
+# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
+[http-errors]
+enabled  = true
+filter   = http-errors
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 1h
+findtime = 5m
+maxretry = 15
+action   = docker-npm
+
+# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
+[npm-probe]
+enabled  = true
+filter   = npm-probe
+logpath  = /nginx-logs/proxy-host-*_access.log
+bantime  = 48h
+findtime = 30m
+maxretry = 3
+action   = docker-npm
+
+# ── Manual Bans ───────────────────────────────────────────────────────────────
+# Populated via dashboard or: fail2ban-client set manual-bans banip <IP>
+[manual-bans]
+enabled  = true
+filter   = manual-bans
+logpath  = /dev/null
+bantime  = -1
+findtime = 1d
+maxretry = 1
+action   = docker-npm
+
+# ── Recidive — repeat offenders ───────────────────────────────────────────────
+# Escalates bans to 7d for IPs that get banned 3+ times within a day.
+# Enable once your other jails have been running for a while.
+[recidive]
+enabled  = false
+filter   = recidive
+logpath  = /var/log/fail2ban.log
+bantime  = 7d
+findtime = 1d
+maxretry = 3
+action   = docker-npm