- Remove telegram_notif.sh and all Telegram references
- Remove webhook.conf fail2ban action (dashboard webhook stays)
- docker-npm.conf: iptables ban/unban only, no lifecycle hooks
- Merge docker-compose.cloudflare.yml into docker-compose.yml
  CF_EMAIL/CF_APIKEY always present — fill in to enable WAF banning
- Remove TELEGRAM_BOT_TOKEN/TELEGRAM_CHAT_ID from compose
- Drop .env.example dependency — all config inline in compose file

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
13 lines
559 B
Plaintext
[Definition]

# Drops traffic two ways:
#   - DOCKER-USER: matches X-Forwarded-For header in forwarded packets (CDN/proxy setups)
#   - INPUT: drops direct connections at the host level
# Requires xt_string kernel module on the host (modprobe xt_string).

actionban = iptables -I DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP
            iptables -A INPUT -s <ip> -j DROP

actionunban = iptables -D DOCKER-USER -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP || true
              iptables -D INPUT -s <ip> -j DROP || true
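The DOCKER-USER rule above is a substring match on packet bytes, so a ban on one address also drops any client whose address begins with the same characters. The following check is an added example, not part of this repository; the function names and the sample addresses are assumptions constructed for illustration. It lists which other observed clients each ban would drop as a side effect.

```python
import ipaddress

# Literal prefix the actionban rule on this page searches for.
HEADER = "X-Forwarded-For: "


def rule_needle(banned_ip: str) -> bytes:
    """Bytes that `-m string --string 'X-Forwarded-For: <ip>'` looks for."""
    return (HEADER + str(ipaddress.ip_address(banned_ip))).encode()


def sample_request(client_ip: str) -> bytes:
    """Constructed plaintext request as a proxy would forward it to the container."""
    return (f"GET / HTTP/1.1\r\nHost: app.example\r\n"
            f"{HEADER}{client_ip}\r\n\r\n").encode()


def dropped(payload: bytes, banned_ip: str) -> bool:
    """xt_string matches when the needle occurs anywhere in the packet payload."""
    return rule_needle(banned_ip) in payload


def collateral(banned, observed):
    """Map each banned IP to the other observed clients its rule would also drop."""
    result = {}
    for b in banned:
        hits = [ip for ip in observed
                if ip != b and dropped(sample_request(ip), b)]
        if hits:
            result[b] = hits
    return result


# Constructed sample data (documentation address ranges).
BANNED = ["203.0.113.5", "198.51.100.77"]
OBSERVED = ["203.0.113.5", "203.0.113.50", "203.0.113.51",
            "203.0.113.6", "198.51.100.7", "198.51.100.77"]

if __name__ == "__main__":
    for ip, others in collateral(BANNED, OBSERVED).items():
        print(f"ban on {ip} also drops: {', '.join(others)}")
```

Running the same comparison over client addresses taken from the proxy's access log shows how much legitimate traffic a given ban list would catch before the rule is relied on.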