Initial release: F2B Control Center v1.0

Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container.

Features:
- Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails
- Web dashboard: live ban grid, log scanner, per-IP access log viewer
- iptables-nft banning (DOCKER-USER + INPUT chains)
- Optional Cloudflare WAF banning
- Optional AbuseIPDB threat scoring
- Two-tier IP management: whitelist (trusted) vs exempt (reviewed)
- Auto log-file detection via logwatch (no restart needed for new NPM hosts)

logwatch.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# ── Log file watcher ──────────────────────────────────────────────────────────
+# Polls /nginx-logs every 30s. If a new proxy-host-*_access.log appears,
+# reloads fail2ban so it picks up the new file immediately.
+# ─────────────────────────────────────────────────────────────────────────────
+
+LOG_DIR="${LOG_DIR:-/nginx-logs}"
+INTERVAL=30
+
+known=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
+
+echo "[logwatch] Watching $LOG_DIR for new proxy-host log files..."
+
+while true; do
+    sleep "$INTERVAL"
+    current=$(ls "$LOG_DIR"/proxy-host-*_access.log 2>/dev/null | sort | tr '\n' ':')
+    if [ "$current" != "$known" ]; then
+        echo "[logwatch] New log file(s) detected — reloading fail2ban"
+        fail2ban-client reload 2>&1 | sed 's/^/[logwatch] /'
+        known="$current"
+    fi
+done