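# fail2ban action (action.d file), read by fail2ban through configparser.
# <ip> is fail2ban's tag for the banned address and is substituted at ban time.
[Definition]
# Drops traffic two ways:
# - DOCKER-USER: matches X-Forwarded-For header in forwarded packets (CDN/proxy setups)
# - INPUT: drops direct connections at the host level
# Requires xt_string kernel module on the host (modprobe xt_string).
#
# Notes on the string match:
# - '-m string' is a plain substring match, so banning 10.0.0.1 also drops
#   packets carrying 'X-Forwarded-For: 10.0.0.12'. Expect some overblocking
#   when reading drop counters for this rule.
# - The match is case-sensitive and inspects one packet at a time; a header
#   split across segments, or sent with different casing, is not matched.
# - Only IPv4 is covered: iptables rejects an IPv6 <ip>. Use ip6tables as well
#   if the jail can ban IPv6 addresses.
# Both rules are inserted (-I) at the top of their chain so the DROP is
# evaluated before any earlier ACCEPT (e.g. for the service port); an appended
# rule behind such an ACCEPT would never be reached.
actionban = iptables -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP
            iptables -I INPUT -s <ip> -j DROP
# Best-effort removal: '|| true' keeps fail2ban from reporting an error when
# the rule is already gone (e.g. after a manual flush of the chain).
actionunban = iptables -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP || true
              iptables -D INPUT -s <ip> -j DROP || true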