Lukas
706d2e1df8
The blocklist import service targets a dedicated jail called 'blocklist-import' (BLOCKLIST_JAIL constant in blocklist_service.py), but that jail was never defined in the dev fail2ban configuration. Every import attempt immediately failed with UnknownJailException. Add Docker/fail2ban-dev-config/fail2ban/jail.d/blocklist-import.conf: a manual-ban jail with no log-based detection that accepts banip commands only, using iptables-allports with a 1-week bantime. Also track the new file in .gitignore (whitelist) and fix a pre-existing blank-line-with-whitespace lint error in setup_service.py.
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
# ──────────────────────────────────────────────────────────────
|
|
# BanGUI — Blocklist-import jail
|
|
#
|
|
# Dedicated jail for IPs banned via the BanGUI blocklist import
|
|
# feature. This is a manual-ban jail: it does not watch any log
|
|
# file. All bans are injected programmatically via
|
|
# fail2ban-client set blocklist-import banip <ip>
|
|
# which the BanGUI backend uses through its fail2ban socket
|
|
# client.
|
|
# ──────────────────────────────────────────────────────────────
|
|
|
|
[blocklist-import]
|
|
|
|
enabled = true
|
|
# No log-based detection — only manual banip commands are used.
|
|
filter =
|
|
logpath = /dev/null
|
|
backend = auto
|
|
maxretry = 1
|
|
findtime = 1d
|
|
# Block imported IPs for one week.
|
|
bantime = 1w
|
|
banaction = iptables-allports
|
|
|
|
# Never ban the Docker bridge network or localhost.
|
|
ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12
|