Cannot block a public IP with Fail2ban

Problem description

My situation is very similar to this earlier, unanswered question: cannot block public IP from fail2ban with docker

Problem statement: a public IP cannot be blocked with Fail2ban.

My setup:

Debian GNU/Linux 9 (stretch)
Fail2ban 0.9.6 (on host)
Docker 19.03.13
Nginx-Proxy-Manager 2.5.1 (dockerized) (https://github.com/jc21/Nginx-proxy-manager)

External traffic is forwarded from the edge firewall to the internal IP of NPM, and internal traffic is routed via DNS to the same IP on NPM. (NPM is used as an internal proxy because I can't remember all the custom ports used by the various services I run.) For the purposes of this question I only tested one of my proxied services, and all traffic went through before introducing Fail2ban.

When I introduced Fail2ban (configuration further below), I observed the following:

  • Nginx logs the relevant traffic
  • The Fail2ban regex recognizes this traffic
  • Fail2ban successfully blocks the identified traffic in iptables (proving the previous point)
  • If the IP is internal, further connection attempts are blocked
  • If the IP is external, access is not blocked

Fail2ban jail.local

[Nginx-docker]
enabled = true
chain = DOCKER-USER
# also tried iptables-multiports
banaction = iptables-allports
action = %(action_mwm)s
logpath = /opt/npm/data/logs/default_host.log
          /opt/npm/data/logs/proxy_host-*.log
maxretry = 3
bantime  = 86400
findtime = 60

action_mwm = %(banaction)s[name=%(__name__)s,bantime="%(bantime)s",port="%(port)s",protocol="%(protocol)s",chain="%(chain)s"]
             %(mta)s-whois-matches[name=%(__name__)s,dest="%(destemail)s",chain="%(chain)s"]

iptables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.25.0.2           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.25.0.2           tcp dpt:81
ACCEPT     tcp  --  anywhere             172.25.0.2           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
f2b-Nginx-docker  tcp  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain f2b-Nginx-docker (1 references)
target     prot opt source               destination
REJECT     all  --  77.16.xx.xx         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  185.xx.xx.xx        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  148.xx.xx.xx        anywhere             reject-with icmp-port-unreachable
REJECT     all  --  192.168.1.151        anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

From the proxy log:

[13/Oct/2020:10:56:10 +0000] - 200 200 - POST https <server> "/URL/index.asmx" [Client 77.16.xx.xx]

If I try to access the URL from 192.168.1.151, the result is a 404 and nothing is logged in the Nginx log file. (The traffic is correctly blocked.)

Can someone help me clarify this?
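As an added diagnostic (not part of the original question, and not Fail2ban's or NPM's own code), the following Python script correlates the per-rule packet counters of the jail's chain, as printed by `iptables -nvxL f2b-Nginx-docker`, with client IPs that still appear in the NPM proxy log after their ban time. The chain listing, log lines, hostnames, addresses and ban times below are constructed placeholders in the same formats as the output quoted above. The check it encodes: a REJECT rule whose packet counter stays at zero while the log keeps recording that client means no packet carrying that source address ever traversed the rule in DOCKER-USER, so the regex and the ban action are fine and the question becomes what source address the kernel actually sees for that client.

```python
"""Correlate fail2ban's REJECT rules in a Docker chain with the proxy log.

Added diagnostic example; not part of the original question.  The chain
listing and log lines below are constructed samples in the formats of
`iptables -nvxL f2b-Nginx-docker` and the NPM proxy log; addresses,
hostnames and ban times are placeholders.
"""
import re
from datetime import datetime, timezone

# Constructed `iptables -nvxL f2b-Nginx-docker` output.  -v adds the per-rule
# pkts/bytes counters, -x prints them unabbreviated, -n keeps addresses numeric.
IPTABLES_SAMPLE = """\
Chain f2b-Nginx-docker (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 REJECT     all  --  *      *       77.16.10.20          0.0.0.0/0            reject-with icmp-port-unreachable
       0          0 REJECT     all  --  *      *       185.20.30.40         0.0.0.0/0            reject-with icmp-port-unreachable
      12        720 REJECT     all  --  *      *       192.168.1.151        0.0.0.0/0            reject-with icmp-port-unreachable
     531      41622 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# Constructed NPM proxy-log lines in the same layout as the line quoted above.
LOG_SAMPLE = """\
[13/Oct/2020:10:56:10 +0000] - 200 200 - POST https proxy.example.test "/URL/index.asmx" [Client 77.16.10.20]
[13/Oct/2020:10:56:12 +0000] - 200 200 - POST https proxy.example.test "/URL/index.asmx" [Client 77.16.10.20]
[13/Oct/2020:10:57:30 +0000] - 200 200 - POST https proxy.example.test "/URL/index.asmx" [Client 77.16.10.20]
[13/Oct/2020:10:58:01 +0000] - 404 404 - GET https proxy.example.test "/" [Client 185.20.30.40]
"""

# Placeholder ban times; on a real host take them from fail2ban.log ("Ban <ip>").
BAN_TIMES = {
    "77.16.10.20": datetime(2020, 10, 13, 10, 56, 15, tzinfo=timezone.utc),
    "185.20.30.40": datetime(2020, 10, 13, 10, 55, 0, tzinfo=timezone.utc),
    "192.168.1.151": datetime(2020, 10, 13, 10, 50, 0, tzinfo=timezone.utc),
}

# Columns: pkts bytes target prot opt in out source destination [options]
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)"
    r"(?:\s+\S+){4}\s+(?P<src>[0-9.]+(?:/\d+)?)\s+(?P<dst>\S+)"
)
LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\].*\[Client (?P<ip>[^\]]+)\]\s*$")


def parse_ban_rules(listing):
    """Map source address -> packet counter for every REJECT/DROP rule."""
    rules = {}
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m and m.group("target") in ("REJECT", "DROP"):
            rules[m.group("src")] = int(m.group("pkts"))
    return rules


def parse_log(text):
    """Return a list of (timestamp, client_ip) for each proxy-log line that parses."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
            hits.append((ts, m.group("ip")))
    return hits


def check_bans(listing, log_text, ban_times):
    """Per banned IP: rule hit count, log hits after the ban, and a verdict.

    A counter of 0 next to log hits after the ban means no packet carrying
    that source address traversed this rule in DOCKER-USER: the rule is
    correct but the traffic is not reaching it with that address.
    """
    rules = parse_ban_rules(listing)
    hits = parse_log(log_text)
    report = {}
    for ip, pkts in rules.items():
        since = ban_times.get(ip)
        after = sum(1 for ts, cip in hits if cip == ip and (since is None or ts > since))
        if pkts == 0 and after:
            verdict = "bypassed"      # rule never matched, client still served
        elif pkts > 0 and not after:
            verdict = "blocked"
        elif pkts > 0:
            verdict = "partial"       # some packets rejected, client still logged
        else:
            verdict = "no-traffic"    # nothing from this IP since the ban
        report[ip] = {"pkts": pkts, "hits_after_ban": after, "verdict": verdict}
    return report


if __name__ == "__main__":
    for ip, r in check_bans(IPTABLES_SAMPLE, LOG_SAMPLE, BAN_TIMES).items():
        print(f"{ip:<16} pkts={r['pkts']:<5} hits_after_ban={r['hits_after_ban']:<3} {r['verdict']}")
```

To use it on a live host, replace the two sample constants with the output of `iptables -nvxL f2b-Nginx-docker` and the contents of the jail's logpath files, and fill BAN_TIMES from the "Ban" lines in fail2ban.log. In the sample the internal client comes out as "blocked" (counter 12, no later log entries) and the two external clients as "bypassed" (counter 0, still logged), which is the pattern to look for before touching the filter or the action.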
