I'm running Vaultwarden with Docker and set up Fail2ban for security. After intentionally entering the wrong password a few times, I noticed that the IP got banned according to the jail status. However, I can still access the service. What could be causing this?
5 Answers
Fail2ban doesn’t actually block traffic itself. What it does is execute specific ban commands when it detects repeated failures. You should check the `banaction` settings in your Fail2ban configuration to make sure they’re set up correctly for your environment. If the commands it’s meant to run aren't applicable, Fail2ban can't enforce the ban properly. Also, look into your logs for any clues on that.
It can be tricky with Docker because it modifies iptables when a container is started. The rules Docker adds can take precedence over what Fail2ban tries to implement, so you might not be blocking access as intended.
Fail2ban generally blocks specific IPs and port combinations. If it's not configured to block specific ports, it might only be preventing access to the service that triggered the failure instead of the entire service stack.
Make sure to check the iptables or nftables commands being used, along with your jail.conf. They play a significant role in determining what gets blocked and what doesn't.
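An added check for the Docker ordering point raised above (example code, not from the thread or from the Fail2ban or Vaultwarden projects): it parses `iptables -S` output and reports whether a Fail2ban jail chain is hooked only into INPUT, which Docker-published ports never traverse, or into DOCKER-USER/FORWARD, where the ban actually takes effect. The jail chain name `f2b-vaultwarden`, the addresses and both rule listings are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread: given `iptables -S` output, report
# which built-in chain a fail2ban jail chain is hooked into. Traffic to a
# Docker-published port is DNAT'ed and traverses FORWARD (where Docker
# evaluates DOCKER-USER first), not INPUT, so a jail hooked only into
# INPUT never sees that traffic and the "ban" has no effect.

# Constructed sample: fail2ban using its default chain = INPUT.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-N f2b-vaultwarden
-A INPUT -p tcp -m multiport --dports 80,443 -j f2b-vaultwarden
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -j RETURN
-A f2b-vaultwarden -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-vaultwarden -j RETURN'

# Constructed sample after setting chain = DOCKER-USER in jail.local.
FIXED_RULES='-P INPUT ACCEPT
-N DOCKER-USER
-N f2b-vaultwarden
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -p tcp -m multiport --dports 80,443 -j f2b-vaultwarden
-A DOCKER-USER -j RETURN
-A f2b-vaultwarden -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-vaultwarden -j RETURN'

# f2b_hook_chains RULES JAILCHAIN: print every chain that jumps to JAILCHAIN.
f2b_hook_chains() {
  printf '%s\n' "$1" | awk -v jc="$2" '
    $1 == "-A" { for (i = 3; i < NF; i++) if ($i == "-j" && $(i+1) == jc) print $2 }'
}

# f2b_effective_for_docker RULES JAILCHAIN: "yes" if the jail chain is
# reachable from DOCKER-USER or FORWARD, "no" if it is only in INPUT.
f2b_effective_for_docker() {
  case " $(f2b_hook_chains "$1" "$2" | tr '\n' ' ') " in
    *" DOCKER-USER "*|*" FORWARD "*) echo yes ;;
    *) echo no ;;
  esac
}

# On a live host: f2b_effective_for_docker "$(iptables -S)" f2b-vaultwarden
f2b_effective_for_docker "$SAMPLE_RULES" f2b-vaultwarden   # prints: no
f2b_effective_for_docker "$FIXED_RULES" f2b-vaultwarden    # prints: yes
```

If the check prints "no", setting `chain = DOCKER-USER` in the jail's section of jail.local makes Fail2ban's iptables actions insert their jump into the chain Docker evaluates before its own port-forwarding rules.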
Since you’re using Nginx with Cloudflare in front, be aware that Fail2ban might see only the internal IP from Cloudflare instead of the real external IP. The connection essentially appears to come from the Cloudflare servers rather than the actual user, which means the ban might not apply as expected. You may need a more advanced method of blocking, like checking HTTP headers directly.
Exactly! Ensuring those actions are correct is crucial. Definitely check the logs to see if everything is functioning as it should.