I did a bit of digging and I stand corrected. If you run the following command and adapt it for your situation the below should show you your ban status. It could be that there are other mechanisms in play for the bans besides the firewall that are managed by docker.

docker exec -it fail2ban fail2ban-client status sshd

From what I know about containers is this
1. You don't have a firewall
2. No system

Regards,
Jonathan Aquilina

From: solarflow99 <solarflo...@gmail.com>
Sent: 08 February 2025 08:24
To: Jonathan Aquilina <jaquil...@eagleeyet.net>
Cc: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] firewalld rules not getting created

fail2ban is one of several containers running on the host, 3 of them including the ssh container is volume mapped its log file to fail2ban just like it should. So there are ingress containers if that's what you mean? I can't quite understand what you mean, fail2ban can run in a container, that's what the docker image was all about. Maybe you are thinking where the firewall-cmd rules get applied, onto the host or to the dockernet? I'm using network=host in docker so that shouldn't be an issue there.

On Fri, Feb 7, 2025 at 10:49 PM Jonathan Aquilina <jaquil...@eagleeyet.net> wrote:

Hello,

If this is on a container, containers cannot run the firewalls. You need to have some form of an ingress controller, maybe nginx in front or HAProxy, that will do the filtering for your containers.

Regards,
Jonathan

From: solarflow99 <solarflo...@gmail.com>
Sent: 08 February 2025 07:44
To: fail2ban-users@lists.sourceforge.net
Subject: Re: [Fail2ban-users] firewalld rules not getting created

ERROR 7f951278ea60 -- stderr: '/bin/sh: firewall-cmd: not found'
ERROR 7f951278ea60 -- returned 127

Doesn't anyone else run into this? It seems that:

image: lscr.io/linuxserver/fail2ban

is using Alpine Linux and doesn't come with firewalld, but that doesn't make any sense. I asked on the list in case anyone knew.
Perhaps it's because Alpine doesn't support systemd, but surely I can't be the first person that ran into this.

On Thu, Feb 6, 2025 at 5:46 PM solarflow99 <solarflo...@gmail.com> wrote:

I have fail2ban running in docker-compose, but I still don't see any of the FW rules on the host, I am using

image: lscr.io/linuxserver/fail2ban:latest

# fail2ban-client status sshd | more
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 0
|  `- File list: /remotelogs/ssh/secure
`- Actions
   |- Currently banned: 56719
   |- Total banned: 56719
   `- Banned IP list:

From the LOG, it's easy to see why:

ERROR 7f5fc7464300 -- stderr: '/bin/sh: firewall-cmd: not found'

Shouldn't this image have firewall-cmd already? Or am I doing something wrong?
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
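
Added example, not part of the thread and not fail2ban's own code: the log excerpts above show ban actions failing because the shell cannot find firewall-cmd (exit status 127), while the jail still counts the addresses as banned. This sketch scans log lines for that pattern so the mismatch can be alerted on; the function name and the Ban line in the sample are constructed, and the ERROR lines are the ones quoted in the thread.

```python
import re

# fail2ban tags every log line from one executed action command with the same
# hex id, so the stderr text and the exit status can be joined on it.
LINE_RE = re.compile(
    r"ERROR\s+(?P<id>[0-9a-f]+) -- "
    r"(?:stderr: (?P<stderr>.*)|returned (?P<rc>\d+))")
# Shell wording varies: "<cmd>: not found" or "<cmd>: command not found".
MISSING_RE = re.compile(r"(?P<cmd>[^\s:']+): (?:command )?not found")


def failed_actions(lines):
    """Return one record per action run whose command was missing (rc 127)."""
    runs = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an action error line
        run = runs.setdefault(
            m["id"], {"id": m["id"], "missing": None, "rc": None})
        if m["rc"] is not None:
            run["rc"] = int(m["rc"])
        else:
            miss = MISSING_RE.search(m["stderr"])
            if miss:
                run["missing"] = miss["cmd"]
    # 127 is the shell's "command not found" status: the ban was never applied.
    return [r for r in runs.values() if r["missing"] or r["rc"] == 127]


# Sample input: the first line is constructed, the rest are from the thread.
SAMPLE = [
    "NOTICE [sshd] Ban 192.0.2.10",
    "ERROR 7f951278ea60 -- stderr: '/bin/sh: firewall-cmd: not found'",
    "ERROR 7f951278ea60 -- returned 127",
    "ERROR 7f5fc7464300 -- stderr: '/bin/sh: firewall-cmd: not found'",
]

if __name__ == "__main__":
    for rec in failed_actions(SAMPLE):
        print(f"action run {rec['id']}: missing command "
              f"{rec['missing']!r}, exit status {rec['rc']}")
```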