Fail2Ban Community Container: Protecting Host & Persisting IP Whitelist? #6057

nextcci · 2025-02-18T10:03:32Z

nextcci
Feb 18, 2025

Hi everyone

I just installed and tested the community container fail2ban. Failed Nextcloud logins are being blocked correctly. However, the host itself is not secured by fail2ban. For example, failed SSH logins are not being registered. Additionally, my own IP is not on the whitelist.

Now, the following questions arise:

How can I also protect the Ubuntu host with the fail2ban container?
How can I exclude my IP from fail2ban and ensure that this setting persists after a container restart?

Thank you in advance for your help.

Answered by szaimen

Feb 18, 2025

Hi,

How can I also protect the Ubuntu host with the fail2ban container?

You cannot. To do that, you need to enable fail2ban on your host OS and enable the ssh ruleset. The Community Container only protects the in the readme mentioned services - mostly services bundled in AIO or its CC.

How can I exclude my IP from fail2ban and ensure that this setting persists after a container restart?

Is that a private ip-address? If so, I just added the private ip-ranges to the ignore list inside the container and also created a new image. Please update the container via the AIO interface and check if that resolves things for you. Referincing szaimen/aio-fail2ban#37

View full answer

szaimen · 2025-02-18T17:04:11Z

szaimen
Feb 18, 2025
Maintainer

Hi,

How can I also protect the Ubuntu host with the fail2ban container?

You cannot. To do that, you need to enable fail2ban on your host OS and enable the ssh ruleset. The Community Container only protects the in the readme mentioned services - mostly services bundled in AIO or its CC.

How can I exclude my IP from fail2ban and ensure that this setting persists after a container restart?

Is that a private ip-address? If so, I just added the private ip-ranges to the ignore list inside the container and also created a new image. Please update the container via the AIO interface and check if that resolves things for you. Referincing szaimen/aio-fail2ban#37

2 replies

nextcci Feb 18, 2025
Author

Hi szaimen

Thanks for your quick response.

You cannot. To do that, you need to enable fail2ban on your host OS and enable the ssh ruleset. The Community Container only protects the in the readme mentioned services - mostly services bundled in AIO or its CC.

I see. I initially tried installing fail2ban on the host system, but for some reason, it didn't write to the iptables, even though failed logins were correctly detected and appeared in fail2ban's blocklist. That's why I thought I could secure both the host and the container using the community container.

Is that a private ip-address?

Regarding the exclusion of IP addresses, I would like to whitelist my own public IP. Maybe it would be a good idea to mount the nextcloud.local as a volume to make it persistent, if that is possible.

szaimen Feb 18, 2025
Maintainer

Maybe it would be a good idea to mount the nextcloud.local as a volume to make it persistent, if that is possible.

This is unfortunately currently not possible

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fail2Ban Community Container: Protecting Host & Persisting IP Whitelist? #6057

{{title}}

Replies: 1 comment 2 replies

{{title}}

{{title}}

{{title}}

Select a reply

Fail2Ban Community Container: Protecting Host & Persisting IP Whitelist? #6057

nextcci Feb 18, 2025

Replies: 1 comment · 2 replies

szaimen Feb 18, 2025 Maintainer

nextcci Feb 18, 2025 Author

szaimen Feb 18, 2025 Maintainer

nextcci
Feb 18, 2025

Replies: 1 comment 2 replies

szaimen
Feb 18, 2025
Maintainer

nextcci Feb 18, 2025
Author

szaimen Feb 18, 2025
Maintainer