FGM Wiki
Attachments
History
Blame
View Source
Documentation
About An Otter Wiki
Toggle dark mode
Login
Home
A - Z
Changelog
Menu
Domain Homepage
Git forge
Page Index
Docker
Maintenance
Mise à jours
Setup
Troubleshooting
Hardware
Disques Dures
Specs
Sauvegarde Et Restoration
Mailu
Nextcloud
Procédure De Sauvegarde Individuelles
Scripts de sauvegarde
Server
Custom scripts location
Fail2Ban
General
Mise à jours
Noms de domaine
Nvidia Card
Security
Setup
SMART
SSH
Syncing Content
Services Hng
Dokuwiki
Forgejo
Historique
Jellyfin
Mailu
Nextcloud
Onlyoffice
Openwebui
Readeck
Traefik
Home
Server
Fail2Ban
0f24b9
Commit
0f24b9
2025-12-21 19:07:23
theophile
: added troubleshooting, general page cleanup with blocks
server/fail2ban.md
..
@@ 19,19 19,21 @@
sudo apt install fail2ban
```
+
## Configuration
+
Les fichiers de configuration se trouve à :
``` shell
/etc/fail2ban
```
-
<WRAP left round important 100%>
-
Don't copy the conf to local We want to make precise modifications to
+
:::info
+
Don't **copy the conf to local**, we want to make precise modifications to
the default, so let's not loose ourselves in thousands of parameters.
Let's target the ones we need to change.
+
:::
-
</WRAP>
Tout d'abord on créer un fichier `jail.local` pour override les
paramètres par défault:
@@ 149,7 151,7 @@
```
- Add the `/etc/fail2ban/jail.d/bad-auth-bots.conf`
-
+
```toml
[bad-auth-bots]
enabled = true
backend = systemd
@@ 158,21 160,20 @@
findtime = 600
maxretry = 5
action = docker-action-net
-
+
```
The above will block flagged IPs for a week, you can of course change it
to your needs.
-
- Add the following to /etc/fail2ban/action.d/docker-action-net.conf
-
-
<WRAP left round important 100%>
+
- Add the following to `/etc/fail2ban/action.d/docker-action-net.conf`
+
:::info
You have to install ipset on the host system, eg.
`apt-get install ipset` on a Debian/Ubuntu system.
+
:::
-
</WRAP>
See ipset homepage for details on ipset, <https://ipset.netfilter.org/>.
-
+
```toml
[Definition]
actionstart = ipset --create f2b-bad-auth-bots nethash
@@ 184,6 185,7 @@
actionban = ipset add -exist f2b-bad-auth-bots <ip>/24
actionunban = ipset del -exist f2b-bad-auth-bots <ip>/24
+
```
Using DOCKER-USER chain ensures that the blocked IPs are processed in
the correct order with Docker. See more in:
@@ 212,6 214,20 @@
sudo systemctl restart fail2ban
```
+
+
## Troubleshooting
+
+
Pour vérifier si une adresse a été ban, on a plusieurs possibilité:
+
+
```bash
+
less /var/log/fail2ban.log | grep YOUR_IP
+
```
+
### Unban
+
+
```bash
+
sudo fail2ban-client set THE_JAIL_NAME unbanip YOUR_IP
+
```
+
## Sources
- https://wiki.archlinux.org/title/Fail2ban
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9