gitea
c104e27506
Fail2Ban + Nginx Proxy Manager dashboard in a single Docker container. Features: - Auto-ban via badbot, http-errors, npm-probe, manual-bans, recidive jails - Web dashboard: live ban grid, log scanner, per-IP access log viewer - iptables-nft banning (DOCKER-USER + INPUT chains) - Optional Cloudflare WAF banning - Optional AbuseIPDB threat scoring - Two-tier IP management: whitelist (trusted) vs exempt (reviewed) - Auto log-file detection via logwatch (no restart needed for new NPM hosts)
16 lines
821 B
Plaintext
16 lines
821 B
Plaintext
[Definition]
|
|
|
|
# Three rules per ban:
|
|
# 1. DOCKER-USER source: blocks direct connections from the banned IP to any container
|
|
# 2. DOCKER-USER xt_string: blocks CDN-proxied requests where real IP is in X-Forwarded-For
|
|
# (requires xt_string kernel module on the host: modprobe xt_string)
|
|
# 3. INPUT: blocks direct connections to host services
|
|
|
|
actionban = iptables-nft -I DOCKER-USER -s <ip> -j DROP
|
|
iptables-nft -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP 2>/dev/null || true
|
|
iptables-nft -A INPUT -s <ip> -j DROP
|
|
|
|
actionunban = iptables-nft -D DOCKER-USER -s <ip> -j DROP || true
|
|
iptables-nft -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP 2>/dev/null || true
|
|
iptables-nft -D INPUT -s <ip> -j DROP || true
|