Letsencrypt fail2ban ban not working even though added to iptables

Hi,

I have a pretty standard setup, nothing too crazy. I have the below docker-compose, and when fail2ban creates the rule to ban an IP address, it doesn’t work and I am still able to access the website. iptables within the docker creates the rules but doesn’t seem to transfer to the host. What am I missing?

The host machine is running CentOS 7.

Thanks for the help!

version: "2"
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=${TZ}
      - URL=domain
      - SUBDOMAINS=1,2,3
      - VALIDATION=http
      - DNSPLUGIN=cloudflare #optional
    volumes:
      - ${USERDIR}/letsencrypt/config:/config
    networks:
      - proxy
    ports:
      - 443:443
      - 80:80 #optional
    restart: unless-stopped
networks:
  proxy:
    external: true

iptables within the container

Chain f2b-nextcloud (1 references)
target     prot opt source               destination         
REJECT     all  --  xxx.xxx.xxx.xxx       anywhere             reject-with icmp-port-unreachable

Check the fail2ban logs

There is nothing of real relevance within the logs. I manually banned an IP and then it unbanned it after the set time elapsed. What else am I looking for?

2020-01-24 22:13:15,850 fail2ban.actions        [362]: NOTICE  [nextcloud] Ban xxx.xxx.xxx.xxx
2020-01-24 22:23:16,617 fail2ban.actions        [362]: NOTICE  [nextcloud] Unban xxx.xxx.xxx.xxx

access.log for nextcloud

xxx.xxx.xxx - - [25/Jan/2020:08:25:39 -0500] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/1.1" 200 503 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36"