Netfilter + fail2ban + SSH in docker.... I am doing something wrong

Hi all,

I have a configuration based on fail2ban. I am running a container that runs an SSH service, and I am seeing a lot of "strange" connections. I have set docker to send the log of the container to Systemd's journal, and I am using it as a source for fail2ban. With the following configuration for iptables, the connections (although being banned) still succeed. Can it be that I should have the chain f2b-sshd_docker somewhere else?

Thank you very much for any help you can provide (and for your time).

Regards,
Felix

# iptables -t filter --list
Chain FORWARD (policy DROP)
target     prot opt   source               destination
DOCKER-USER  all  --  anywhere             anywhere
[....]

Chain DOCKER-USER (1 references)
target     prot opt source            destination
f2b-sshd_docker  tcp  --  anywhere    anywhere   multiport dports ssh
[....]

Chain f2b-sshd_docker (1 references)
target     prot opt source       destination
REJECT     all  --  96.9.168.71  anywhere   reject-with icmp-port-unreachable
REJECT     all  --  94.96.68.78  anywhere   reject-with icmp-port-unreachable
[....]

# iptables -t nat --list 
Chain PREROUTING (policy ACCEPT) 
target     prot opt source               destination          
[....]
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL 

Chain POSTROUTING (policy ACCEPT) 
target     prot opt source               destination          
MASQUERADE  all  --  172.17.0.0/16        anywhere         
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:ssh 

Chain DOCKER (2 references) 
target     prot opt source               destination          
RETURN     all  --  anywhere             anywhere             
DNAT       tcp  --  anywhere             localhost            tcp dpt:13000 to:172.17.0.2:3000 
DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssh to:172.17.0.2:22 
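To check a layout like the one in the post without guessing, it helps to walk the filter table the way the kernel would for one packet and see which rule ends up deciding. The script below is an added example written for this thread, not code from the poster, fail2ban or Docker. It parses the `iptables -t filter --list` text format shown above (service names such as `ssh` in place of port numbers, `[....]` markers for elided rules), then traces a packet from a given source address to a given destination port through FORWARD, DOCKER-USER and the f2b chain. The sample listing is a trimmed copy of the post's filter table with two constructed additions: a RETURN at the end of each user chain (fail2ban's standard chain layout, and what Docker adds to DOCKER-USER) and an ACCEPT rule standing in for Docker's own forwarding rules that the post elided.

```python
"""Trace one packet through an `iptables -t filter --list` dump (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, based on the listing in the post. The RETURN lines and the
# ACCEPT in FORWARD are stand-ins for rules the post shows only as "[....]".
SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt   source               destination
DOCKER-USER  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
[....]

Chain DOCKER-USER (1 references)
target     prot opt source            destination
f2b-sshd_docker  tcp  --  anywhere    anywhere   multiport dports ssh
RETURN     all  --  anywhere             anywhere

Chain f2b-sshd_docker (1 references)
target     prot opt source       destination
REJECT     all  --  96.9.168.71  anywhere   reject-with icmp-port-unreachable
REJECT     all  --  94.96.68.78  anywhere   reject-with icmp-port-unreachable
RETURN     all  --  anywhere     anywhere
"""

# `--list` without -n prints service names; map the ones we expect back to numbers.
PORT_NAMES = {"ssh": 22, "http": 80, "https": 443}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}
CHAIN_HDR = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


@dataclass
class Rule:
    target: str
    prot: str
    source: str
    dest: str
    extra: str  # trailing match text, e.g. "multiport dports ssh"


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    rules: List[Rule] = field(default_factory=list)


def parse_listing(text: str) -> Dict[str, Chain]:
    """Turn the human-readable listing into chain objects, skipping headers and [....]."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CHAIN_HDR.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if current is None or line.startswith("target") or line.startswith("["):
            continue
        # Columns: target prot opt source destination [extra match text]
        parts = line.split(None, 5)
        target, prot, _opt, source, dest = parts[:5]
        current.rules.append(Rule(target, prot, source, dest, parts[5] if len(parts) > 5 else ""))
    return chains


def _port(token: str) -> int:
    return int(token) if token.isdigit() else PORT_NAMES[token]


def rule_matches(rule: Rule, src: str, proto: str, dport: int) -> bool:
    """Exact-address matching only; CIDR sources are not expanded in this example."""
    if rule.prot not in ("all", proto) or rule.source not in ("anywhere", src):
        return False
    m = re.search(r"multiport dports (\S+)", rule.extra)
    if m:
        return dport in {_port(p) for p in m.group(1).split(",")}
    m = re.search(r"dpt:(\S+)", rule.extra)
    if m:
        return dport == _port(m.group(1))
    return True


def verdict(chains: Dict[str, Chain], name: str, src: str, proto: str, dport: int,
            path: Optional[List[str]] = None) -> Tuple[str, List[str]]:
    """Evaluate a chain top to bottom; return (verdict, chains visited to reach it)."""
    path = (path or []) + [name]
    for rule in chains[name].rules:
        if not rule_matches(rule, src, proto, dport):
            continue
        if rule.target in TERMINAL or rule.target == "RETURN":
            return rule.target, path
        if rule.target in chains:  # jump into a user-defined chain
            v, p = verdict(chains, rule.target, src, proto, dport, path)
            if v != "RETURN":
                return v, p
        # RETURN from a sub-chain or a non-terminating target (e.g. LOG): keep going
    return (chains[name].policy or "RETURN"), path


def forward_verdict(text: str, src: str, dport: int, proto: str = "tcp") -> Tuple[str, List[str]]:
    """Verdict for a forwarded packet from `src` to the (post-DNAT) port `dport`."""
    return verdict(parse_listing(text), "FORWARD", src, proto, dport)


if __name__ == "__main__":
    for ip, port in [("96.9.168.71", 22), ("96.9.168.71", 2222), ("203.0.113.9", 22)]:
        v, p = forward_verdict(SAMPLE, ip, port)
        print(f"{ip} -> port {port}: {v} via {' > '.join(p)}")
```

Two things the trace makes visible. First, the FORWARD chain is evaluated after nat PREROUTING, so the `multiport dports ssh` match in DOCKER-USER sees the translated port (22 here, since the DNAT rule maps 22 to 172.17.0.2:22); a ban rule scoped to the external port would miss if the DNAT changed the port number. Second, the listing in the post was taken without `-v`, so it carries no packet counters; `iptables -t filter -L DOCKER-USER -n -v` shows whether the jump into f2b-sshd_docker and the REJECT lines are being hit at all, which separates "rule in the wrong place" from "rule never matches".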