Fail2Ban-Dashboard---NPM/fail2ban/action.d/docker-npm.conf
gitea 4f0129053c fix: add NET_ADMIN/NET_RAW caps; fix ban rules for direct traffic
- docker-compose: add cap_add NET_ADMIN + NET_RAW — without these,
  iptables commands inside the container silently fail (permission denied)
  so bans were recorded in fail2ban but no rules were ever applied
- docker-npm.conf: add DOCKER-USER source IP rule so direct connections
  to NPM are blocked (INPUT rule only covers host services, not containers)
  xt_string rule now has || true so missing module doesn't abort the ban

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 17:00:57 +00:00

[Definition]
# Three rules per ban:
# 1. DOCKER-USER source: blocks direct connections from the banned IP to any container
# 2. DOCKER-USER xt_string: blocks CDN-proxied requests where real IP is in X-Forwarded-For
#    (requires xt_string kernel module on the host: modprobe xt_string; it only sees
#    plaintext HTTP between the CDN and NPM, not TLS payloads, and matches the header
#    as a substring, so it also hits addresses that begin with the banned IP)
# 3. INPUT: blocks direct connections to host services
# Continuation lines of a multi-line value must be indented for fail2ban's INI parser.
actionban = iptables -I DOCKER-USER -s <ip> -j DROP
            iptables -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP 2>/dev/null || true
            iptables -A INPUT -s <ip> -j DROP
actionunban = iptables -D DOCKER-USER -s <ip> -j DROP || true
              iptables -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP 2>/dev/null || true
              iptables -D INPUT -s <ip> -j DROP || true
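The commit message describes bans that fail2ban recorded while no iptables rule was ever applied. The following POSIX shell script is an added check, not part of the repository: it compares the IPs a jail reports as banned against the DOCKER-USER and INPUT chains. It assumes the jail name is passed as the first argument and that `iptables` and `fail2ban-client` are on the path; the embedded chain listings are constructed sample data.

```shell
#!/bin/sh
# Added check (not part of the repository): confirm that every IP fail2ban reports
# as banned really has DROP rules in DOCKER-USER and INPUT, so the failure the
# commit describes (ban recorded, no rule applied) would be caught. The helpers
# take chain listings as text, so they can be exercised without root.

# Count "-s <ip>/32 -j DROP" rules in an `iptables -S <chain>` listing. The /32
# keeps the match exact, so 203.0.113.5 does not also count 203.0.113.50.
count_source_drops() {
    printf '%s\n' "$1" | grep -c -F -- "-s $2/32 -j DROP" || true
}

# Count xt_string rules that drop payloads carrying the banned IP in X-Forwarded-For.
count_xff_drops() {
    printf '%s\n' "$1" | grep -c -F -- "--string \"X-Forwarded-For: $2\"" || true
}

# Returns 0 when both the DOCKER-USER source rule and the INPUT rule exist. The
# xt_string rule is only reported, since actionban tolerates a missing kernel module.
ban_enforced() {
    [ "$(count_source_drops "$1" "$3")" -ge 1 ] || return 1
    [ "$(count_source_drops "$2" "$3")" -ge 1 ] || return 1
}

# Constructed listings resembling `iptables -S DOCKER-USER` and `iptables -S INPUT`
# after one ban of 203.0.113.5 (a TEST-NET-3 address used only as sample data).
SAMPLE_DOCKER_USER='-N DOCKER-USER
-A DOCKER-USER -s 203.0.113.5/32 -j DROP
-A DOCKER-USER -m string --string "X-Forwarded-For: 203.0.113.5" --algo bm --to 65535 -j DROP
-A DOCKER-USER -j RETURN'
SAMPLE_INPUT='-P INPUT ACCEPT
-A INPUT -s 203.0.113.5/32 -j DROP'

# Live mode: `sh check_bans.sh <jail>` inside the fail2ban container (needs NET_ADMIN).
if [ -n "${1:-}" ]; then
    du=$(iptables -S DOCKER-USER); inp=$(iptables -S INPUT)
    for ip in $(fail2ban-client status "$1" | sed -n 's/.*Banned IP list:[[:space:]]*//p'); do
        if ban_enforced "$du" "$inp" "$ip"; then
            echo "OK      $ip (xt_string rules: $(count_xff_drops "$du" "$ip"))"
        else
            echo "MISSING $ip: banned in fail2ban but no DROP rule in DOCKER-USER/INPUT"
        fi
    done
fi
```

A MISSING line for a currently banned IP is the symptom the commit fixed; on a container still lacking NET_ADMIN the `iptables -S` calls themselves fail, which is the faster diagnosis.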