Hi all,

Nobody can give me a hand?? :-/
I sent this mail ~10 days ago, and... nobody with a hint? :-(

I have a configuration based on fail2ban. I am running a container that runs an SSH service, and I am seeing a lot of "strange" connections. I have set docker to send the log of the container to Systemd's journal, and I am using it as a source for fail2ban.

With the following configuration for iptables, the connections (although being banned) still succeed. Can it be that I should have the Chain f2b-sshd_docker somewhere else?

Thank you very much for any help you can provide (and for your time).

Regards,
Felix

# iptables -t filter --list
Chain FORWARD (policy DROP)
target           prot opt source               destination
DOCKER-USER      all  --  anywhere             anywhere
[....]

Chain DOCKER-USER (1 references)
target           prot opt source               destination
f2b-sshd_docker  tcp  --  anywhere             anywhere             multiport dports ssh
[....]

Chain f2b-sshd_docker (1 references)
target           prot opt source               destination
REJECT           all  --  96.9.168.71          anywhere             reject-with icmp-port-unreachable
REJECT           all  --  94.96.68.78          anywhere             reject-with icmp-port-unreachable
[....]

# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target           prot opt source               destination
[....]
DOCKER           all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target           prot opt source               destination
MASQUERADE       all  --  172.17.0.0/16        anywhere
MASQUERADE       tcp  --  172.17.0.2           172.17.0.2           tcp dpt:ssh

Chain DOCKER (2 references)
target           prot opt source               destination
RETURN           all  --  anywhere             anywhere
DNAT             tcp  --  anywhere             localhost            tcp dpt:13000 to:172.17.0.2:3000
DNAT             tcp  --  anywhere             anywhere             tcp dpt:ssh to:172.17.0.2:22