fail2ban with docker (host-mode networking) is adding iptables entries, but it does not stop connections

Environment:

  • Fail2Ban version - 0.9.6
  • Operating system - Debian 9.

Problem:

Fail2ban puts entries into iptables as expected for the jail defined in jail.local, shown below:

[xyz_failure]
enabled=true
filter=xyz_failure 
logpath=/var/log/xyz_failure.log  
maxretry=10
findtime=1800
bantime=604800

Output of iptables -S

-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N f2b-xyz_failure
-A INPUT -p tcp -m multiport --dports 0:65535 -j f2b-xyz_failure
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A f2b-xyz_failure -m string --string "X-Forwarded-For: 200.194.41.xxx" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable

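Steps to reproduce: A server with docker installed. A load balancer in front of the server. Install fail2ban.

Observed behavior: The IP is not blocked from accessing the website through a browser.

Any other information: When I open the website as a webview in the iOS app, the IP is banned correctly. This seems to be a problem of established connections not being banned.

Here are the logs -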

2018-12-06 23:45:13,895 fail2ban.actions [9036]: NOTICE [xyz_failure] Ban 200.194.41.xxx
2018-12-07 00:01:44,627 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:47,654 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:53,764 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:55,767 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:56,901 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx

Relevant lines from the monitored log file:

189.188.53.xxx - - [07/Dec/2018:00:07:02 -0600] User Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 HTTP_REFERRER:
189.188.53.xxx - - [07/Dec/2018:00:07:20 -0600] User Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 HTTP_REFERRER:
18.208.165.xxx - - [07/Dec/2018:00:08:15 -0600] User Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36 HTTP_REFERRER: email:
187.254.108.xxx - - [07/Dec/2018:00:08:20 -0600] User Agent:Android app ver 3.3.9 Mozilla/5.0 (Linux; Android 7.0; SM-G950U Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.83 Mobile Safari/537.36 HTTP_REFERRER:
201.175.202.xxx - - [07/Dec/2018:00:08:20 -0600] User Agent:Android app ver 3.3.9 Mozilla/5.0 (Linux; Android 8.1.0; Mi A2 Lite Build/OPM1.171019.019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/68.0.3440.91 Mobile Safari/537.36 HTTP_REFERRER:
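The symptom visible in the fail2ban log above (a Ban followed by further Found lines for the same address) can be checked for mechanically. The following is an added example, not part of the original post: the function name `hits_during_ban` and the control line in the sample are constructed, and the `bantime` value is the one from the jail above.

```python
import re
from datetime import datetime, timedelta

# fail2ban 0.9.x log line:
# "<date> <time>,<ms> fail2ban.<module> [pid]: LEVEL [jail] Ban|Unban|Found <ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<event>Ban|Unban|Found)\s+(?P<ip>\S+)"
)

def hits_during_ban(lines, bantime):
    """Return {(jail, ip): [timestamps of Found events seen while a ban was active]}."""
    banned_until = {}  # (jail, ip) -> time at which the ban expires
    leaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["jail"], m["ip"])
        if m["event"] == "Ban":
            banned_until[key] = ts + timedelta(seconds=bantime)
        elif m["event"] == "Unban":
            banned_until.pop(key, None)
        elif key in banned_until and ts < banned_until[key]:
            # The filter still sees requests from an address whose ban is active,
            # so the firewall action is not stopping this traffic.
            leaks.setdefault(key, []).append(ts)
    return leaks

# First four lines are from the post; the last one is a constructed control
# (an address that was found but never banned, so it must not be reported).
SAMPLE = """\
2018-12-06 23:45:13,895 fail2ban.actions [9036]: NOTICE [xyz_failure] Ban 200.194.41.xxx
2018-12-07 00:01:44,627 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:47,654 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:01:53,764 fail2ban.filter [9036]: INFO [xyz_failure] Found 200.194.41.xxx
2018-12-07 00:02:10,101 fail2ban.filter [9036]: INFO [xyz_failure] Found 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for (jail, ip), stamps in hits_during_ban(SAMPLE, bantime=604800).items():
        print(f"[{jail}] {ip}: {len(stamps)} hit(s) while banned, first at {stamps[0]}")
```
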
