mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9f7060b7fd292e95af912b9f76a429657e7083ee
Fail2Ban-Dashboard---NPM/fail2ban/action.d/cloudflare.conf
gitea 920b69cfca feat: plug-and-play refactor — docker-npm action, CF support, whitelist live-update 
- Replace iptables-allports with docker-npm action (DOCKER-USER + xt_string
  X-Forwarded-For matching + INPUT chain) matching user's working setup
- Add telegram_notif.sh (deployed to /data/action.d/ at first run, user-editable)
- Add cloudflare.conf action; jail.cloudflare.local enabled via CF compose file
- Two compose files: docker-compose.yml (standard) and docker-compose.cloudflare.yml
- entrypoint: modprobe xt_string, DOCKER-USER chain check, CF jail auto-selection,
  telegram_notif.sh deployment to persistent volume on first run
- Fix whitelist live-update: addignoreip/delignoreip called alongside jail.local write
- Hardcode AUTOBAN_THR=75 and DEFAULT_DAYS=3 (remove env vars)
- Include Nginx Proxy Manager in both compose files with shared log bind mount
- Rewrite filters for actual NPM log format ([Client <HOST>] real IP extraction)
- Add DATA_DIR, Telegram, CF API key fields to .env.example

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 15:08:06 +00:00

45 lines
2.4 KiB
Plaintext
Raw Blame History

[Definition]
# ── Cloudflare IP Access Rules action ────────────────────────────────────────
#
# Blocks/unblocks IPs at the Cloudflare account level via the Access Rules API.
# When enabled, a ban will be enforced by Cloudflare before traffic even
# reaches your server — the most effective layer for high-volume attackers.
#
# SETUP:
# 1. Get your Global API Key from:
# https://dash.cloudflare.com/profile/api-tokens
# 2. Set CF_EMAIL and CF_APIKEY in your .env file
# 3. Use docker-compose.cloudflare.yml instead of docker-compose.yml
#
# NOTE: This uses the user-level Access Rules API, which applies the block
# across all zones on your Cloudflare account. For zone-scoped rules,
# replace the URL with:
# https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/firewall/access_rules/rules
# ─────────────────────────────────────────────────────────────────────────────
actionban = curl -s -X POST \
-H "X-Auth-Email: %(cf_email)s" \
-H "X-Auth-Key: %(cf_apikey)s" \
-H "Content-Type: application/json" \
-d "{\"mode\":\"block\",\"configuration\":{\"target\":\"ip\",\"value\":\"<ip>\"},\"notes\":\"f2b-cc: <name>\"}" \
"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
> /dev/null 2>&1 || true
actionunban = RULE_ID=$(curl -s \
-H "X-Auth-Email: %(cf_email)s" \
-H "X-Auth-Key: %(cf_apikey)s" \
"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?configuration_target=ip&configuration_value=<ip>&mode=block&page=1&per_page=1" | \
python3 -c "import sys,json; r=json.load(sys.stdin).get('result',[]); print(r[0]['id'] if r else '')" 2>/dev/null) ; \
[ -n "$RULE_ID" ] && \
curl -s -X DELETE \
-H "X-Auth-Email: %(cf_email)s" \
-H "X-Auth-Key: %(cf_apikey)s" \
"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$RULE_ID" \
> /dev/null 2>&1 || true
[Init]
# Populated from environment via jail.local — do not set here
cf_email =
cf_apikey =
Reference in New Issue View Git Blame Copy Permalink