# ── F2B Control Center — jail configuration (Cloudflare) ─────────────────────
#
# fail2ban jail definitions for the Cloudflare deployment
# (docker-compose.cloudflare.yml), used when CF_EMAIL and CF_APIKEY are set.
# Same jails as jail.local, with the cloudflare action added to every jail so
# a ban is enforced at both the iptables and Cloudflare WAF levels.
#
# No credential is written in this file; both Cloudflare values are taken
# from environment variables.
# ─────────────────────────────────────────────────────────────────────────────

[DEFAULT]
# Fallback thresholds: maxretry matches within findtime lead to a ban lasting
# bantime. Every jail below sets all three itself, so these values only reach
# jails added later without their own settings.
maxretry = 5
findtime = 10m
bantime = 1h

# Addresses that no jail will ever ban.
# Populated by the entrypoint from the SUBNETS_TO_IGNORE env var on first run,
# then updated live by the dashboard — do not edit by hand.
# NOTE(review): this exempts loopback and every RFC 1918 range. If the proxy
# access logs record a private address for outside clients (real client IP not
# passed through), those clients cannot be banned — confirm what gets logged.
# Because the dashboard rewrites this list, dashboard access is effectively
# ban-exemption access and should be restricted accordingly.
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Cloudflare credentials — injected from the environment at runtime.
# Set CF_EMAIL and CF_APIKEY in your .env file.
# NOTE(review): %(ENV[...])s is not plain configparser interpolation; confirm
# that the fail2ban build in this image (or the entrypoint) resolves it, e.g.
# with `fail2ban-client -d` on a test container. Presumably that dump contains
# the resolved secrets, so keep its output out of tickets and logs.
# NOTE(review): an e-mail + API key pair is Cloudflare's account-key style of
# authentication; if CF_APIKEY is the Global API Key it is not limited to
# firewall changes. Prefer a narrowly scoped API token if the cloudflare
# action shipped with this image supports one.
cf_email = %(ENV[CF_EMAIL])s
cf_apikey = %(ENV[CF_APIKEY])s

# Action lines in the jails below: one action per line, continuation lines
# indented. docker-npm applies the local ban; cloudflare receives the two
# credentials above as action parameters.
# NOTE(review): the parameter names must match what the cloudflare action file
# defines. The stock fail2ban action.d/cloudflare.conf uses cfuser / cftoken,
# so confirm this image ships an action that reads cf_email / cf_apikey;
# otherwise the Cloudflare half of each ban would not authenticate.

# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
# 3 matches of the badbot filter within 10 minutes: banned for 24 hours.
[badbot]
enabled = true
filter = badbot
logpath = /nginx-logs/proxy-host-*_access.log
maxretry = 3
findtime = 10m
bantime = 24h
action = docker-npm
         cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
# 15 matches of the http-errors filter within 5 minutes: banned for 1 hour.
[http-errors]
enabled = true
filter = http-errors
logpath = /nginx-logs/proxy-host-*_access.log
maxretry = 15
findtime = 5m
bantime = 1h
action = docker-npm
         cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
# 3 matches of the npm-probe filter within 30 minutes: banned for 48 hours.
[npm-probe]
enabled = true
filter = npm-probe
logpath = /nginx-logs/proxy-host-*_access.log
maxretry = 3
findtime = 30m
bantime = 48h
action = docker-npm
         cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── Manual Bans ───────────────────────────────────────────────────────────────
# logpath is /dev/null, so no log line ever reaches this jail's filter; bans
# are added explicitly (presumably from the dashboard — confirm).
# bantime = -1 makes every ban in this jail permanent, both locally and at
# Cloudflare, until someone removes it.
[manual-bans]
enabled = true
filter = manual-bans
logpath = /dev/null
maxretry = 1
findtime = 1d
bantime = -1
action = docker-npm
         cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── Recidive — repeat offenders ───────────────────────────────────────────────
# Disabled. When enabled it reads fail2ban's own log: 3 matches within 1 day
# lead to a 7-day ban.
# NOTE(review): needs fail2ban to write /var/log/fail2ban.log inside the
# container — confirm the log target before enabling.
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 1d
bantime = 7d
action = docker-npm
         cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]