I use linuxserver/fail2ban version 2024-10-12 on Unraid 6.12 and I can't add a custom jail for Jellyfin. Both f2b and Jellyfin run in a Docker container. The /remotelogs/jellyfin volume is set up correctly and the logs are accessible.
I followed this guide to set up a custom jail for Jellyfin.
So I added jail.d/jellyfin.local with the following content:
But when I start fail2ban, it only recognizes the nextcloud-auth jail, ignoring the jellyfin jail completely. If I remove the nextcloud jail, the logs even say “no custom configuration found” and fail2ban-client status shows 0 jails.
The logs don't show any errors. It just ignores jellyfin completely.
All preconfigured jails work fine. But I can't add a custom one. What am I missing?
Thanks in advance for your help!
pretty sure you need to set this in jail.local, I’ve been using fail2ban for… 17yrs or so and have never heard of a jail.d folder… I could be behind the times on this, but then… mine works, so maybe not
For example, here is some of mine in jail.local that I have added
Holy moly, what strange behaviour!
Your solution worked. But with a small addition: I had to delete the jellyfin.local file in the jail.d directory!
Every tutorial on the internet told me to add a custom jail in the jail.d directory.
This is the place where all other jails are configured.
I already tried your solution recently without success. But at that time, I had both the configuration in the jail.local AND the jellyfin.local file!
After deleting the jellyfin.local file, it works! Thanks!
A .local file in jail.d should work. I do that for the LSIO openssh-server with a jail.d/openssh-server.local file.
The jail.conf explains a bit how it’s supposed to work:
Provide customizations in a jail.local file or a jail.d/customisation.local.
For example to change the default bantime for all jails and to enable the
ssh-iptables jail the following (uncommented) would appear in the .local file.
See man 5 jail.conf for details.
That's how I understood that it should work. So it seems my approach was correct? I opened a GitHub issue for that behaviour. Maybe I missed something, maybe I found a rare case where I managed to break the configuration for that one jail.
In addition to .local, for jail.conf or fail2ban.conf file there can be a corresponding .d/ directory containing additional .conf files. The order e.g. for jail configuration would be:
jail.conf
jail.d/*.conf (in alphabetical order)
jail.local
jail.d/*.local (in alphabetical order).
i.e. all .local files are parsed after .conf files in the original configuration file and files under .d directory. Settings in the file parsed later take precedence over identical entries in previously parsed files.
Your jail.d/jellyfin.local file is processed after jail.local so you’re overriding enabled = true from jail.local with enabled = false from jail.d/jellyfin.local.
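The parse order quoted above can be checked mechanically. This is an added example, not part of the thread or of fail2ban itself: it merges constructed sample files in that order and reports which file supplied the final value of each overridden option. The file contents and the names `SAMPLE`, `parse_order`, `merge` and `overrides` are assumptions made for illustration, and `[INCLUDES]` handling and `%(...)s` interpolation are ignored.

```python
import configparser
from pathlib import PurePosixPath

# Constructed sample files (not from the thread), keyed by path relative
# to the fail2ban configuration directory.
SAMPLE = {
    "jail.d/jellyfin.local": "[jellyfin]\nenabled = false\nlogpath = /remotelogs/jellyfin/*.log\n",
    "jail.local": "[jellyfin]\nenabled = true\n",
    "jail.d/00-defaults.conf": "[DEFAULT]\nbantime = 1h\n",
    "jail.conf": "[DEFAULT]\nbantime = 10m\n",
}


def parse_order(paths):
    """Sort paths as: jail.conf, jail.d/*.conf, jail.local, jail.d/*.local."""
    def rank(p):
        path = PurePosixPath(p)
        in_dir = path.parent.name == "jail.d"
        is_local = path.suffix == ".local"
        # .conf files rank before .local files; within each, the .d/ files come second.
        return (2 * is_local + in_dir, path.name)
    return sorted(paths, key=rank)


def merge(files):
    """Map (section, option) -> [(file, value), ...] in parse order; last entry wins."""
    history = {}
    for name in parse_order(files):
        # RawConfigParser: no interpolation; [DEFAULT] is kept as an ordinary section.
        cp = configparser.RawConfigParser(default_section="__unused__")
        cp.read_string(files[name], source=name)
        for section in cp.sections():
            for option, value in cp.items(section):
                history.setdefault((section, option), []).append((name, value))
    return history


def overrides(history):
    """Return only the options whose value was changed by a later file."""
    return {k: v for k, v in history.items() if len({val for _, val in v}) > 1}


if __name__ == "__main__":
    for (section, option), chain in overrides(merge(SAMPLE)).items():
        winner_file, winner_value = chain[-1]
        print(f"[{section}] {option} = {winner_value}  (from {winner_file})")
        for name, value in chain[:-1]:
            print(f"    overridden: {value}  (from {name})")
```
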