On Sun, Jan 11, 2015 at 1:47 PM, lee <l...@yagibdah.de> wrote: > > Same here, so why does fail2ban get involved with containers? >
Seems like there are three options here. 1. Run fail2ban on the host and have it look into the containers, monitor their logs, and add host iptables rules to block connections. 2. Run fail2ban in each container and have it monitor its own logs, and then add host iptables rules to block connections. 3. Run fail2ban in each container and have each container in its own network namespace. Fail2ban can then add container iptables rules to block connections. I actually gave up on fail2ban after a bunch of issues. The only place I get brute force attacks right now is ssh, and I'm using the Google authenticator plugin. I just ignore the thousands of failed ssh authentication attempts... -- Rich
