{"id":13443038,"url":"https://github.com/crazy-max/docker-fail2ban","last_synced_at":"2025-05-15T08:06:24.268Z","repository":{"id":39649421,"uuid":"130902576","full_name":"crazy-max/docker-fail2ban","owner":"crazy-max","description":"Fail2ban Docker image","archived":false,"fork":false,"pushed_at":"2025-02-16T17:56:06.000Z","size":347,"stargazers_count":685,"open_issues_count":7,"forks_count":83,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-14T13:08:42.874Z","etag":null,"topics":["alpine-linux","docker","docker-compose","fail2ban","firewall","iptables"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crazy-max.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":".github/SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"crazy-max","custom":"https://www.paypal.me/crazyws"}},"created_at":"2018-04-24T19:14:31.000Z","updated_at":"2025-04-14T11:54:00.000Z","dependencies_parsed_at":"2024-05-09T08:51:22.088Z","dependency_job_id":"2f820b26-8442-4b79-aa68-954439d0ef26","html_url":"https://github.com/crazy-max/docker-fail2ban","commit_stats":null,"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-fail2ban","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-fail2ban/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-fail2ban/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazy-max%2Fdocker-fail2ban/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crazy-max","download_url":"https://codeload.github.com/crazy-max/docker-fail2ban/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254301431,"owners_count":22047904,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alpine-linux","docker","docker-compose","fail2ban","firewall","iptables"],"created_at":"2024-07-31T03:01:55.182Z","updated_at":"2025-05-15T08:06:24.195Z","avatar_url":"https://github.com/crazy-max.png","language":"Dockerfile","readme":"\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/crazy-max/docker-fail2ban\" target=\"_blank\"\u003e\u003cimg height=\"128\" src=\"https://raw.githubusercontent.com/crazy-max/docker-fail2ban/master/.github/docker-fail2ban.jpg\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://hub.docker.com/r/crazymax/fail2ban/tags?page=1\u0026ordering=last_updated\"\u003e\u003cimg src=\"https://img.shields.io/github/v/tag/crazy-max/docker-fail2ban?label=version\u0026style=flat-square\" alt=\"Latest Version\"\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/crazy-max/docker-fail2ban/actions?workflow=build\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/crazy-max/docker-fail2ban/build.yml?branch=master\u0026label=build\u0026logo=github\u0026style=flat-square\" alt=\"Build Status\"\u003e\u003c/a\u003e\n \u003ca href=\"https://hub.docker.com/r/crazymax/fail2ban/\"\u003e\u003cimg src=\"https://img.shields.io/docker/stars/crazymax/fail2ban.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Stars\"\u003e\u003c/a\u003e\n \u003ca href=\"https://hub.docker.com/r/crazymax/fail2ban/\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/crazymax/fail2ban.svg?style=flat-square\u0026logo=docker\" alt=\"Docker Pulls\"\u003e\u003c/a\u003e\n \u003cbr /\u003e\u003ca href=\"https://github.com/sponsors/crazy-max\"\u003e\u003cimg src=\"https://img.shields.io/badge/sponsor-crazy--max-181717.svg?logo=github\u0026style=flat-square\" alt=\"Become a sponsor\"\u003e\u003c/a\u003e\n \u003ca href=\"https://www.paypal.me/crazyws\"\u003e\u003cimg src=\"https://img.shields.io/badge/donate-paypal-00457c.svg?logo=paypal\u0026style=flat-square\" alt=\"Donate Paypal\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## About\n\n[Fail2ban](https://www.fail2ban.org) Docker image to ban hosts that cause\nmultiple authentication errors.\n\n\u003e [!TIP] \n\u003e Want to be notified of new releases? Check out 🔔 [Diun (Docker Image Update Notifier)](https://github.com/crazy-max/diun)\n\u003e project!\n\n___\n\n* [Build locally](#build-locally)\n* [Image](#image)\n* [Environment variables](#environment-variables)\n* [Volumes](#volumes)\n* [Usage](#usage)\n * [Docker Compose](#docker-compose)\n * [Command line](#command-line)\n* [Upgrade](#upgrade)\n* [Notes](#notes)\n * [`DOCKER-USER` chain](#docker-user-chain)\n * [`DOCKER-USER` and `INPUT` chains](#docker-user-and-input-chains)\n * [Jails examples](#jails-examples)\n * [Use fail2ban-client](#use-fail2ban-client)\n * [Global jail configuration](#global-jail-configuration)\n * [Custom jails, actions and filters](#custom-jails-actions-and-filters)\n * [Sending email using a sidecar container](#sending-email-using-a-sidecar-container)\n* [Contributing](#contributing)\n* [License](#license)\n\n## Build locally\n\n```shell\ngit clone https://github.com/crazy-max/docker-fail2ban.git\ncd docker-fail2ban\n\n# Build image and output to docker (default)\ndocker buildx bake\n\n# Build multi-platform image\ndocker buildx bake image-all\n```\n\n## Image\n\n| Registry | Image |\n|-----------------------------------------------------------------------------------------------------|------------------------------|\n| [Docker Hub](https://hub.docker.com/r/crazymax/fail2ban/) | `crazymax/fail2ban` |\n| [GitHub Container Registry](https://github.com/users/crazy-max/packages/container/package/fail2ban) | `ghcr.io/crazy-max/fail2ban` |\n\nFollowing platforms for this image are available:\n\n```\n$ docker buildx imagetools inspect crazymax/fail2ban --format \"{{json .Manifest}}\" | \\\n jq -r '.manifests[] | select(.platform.os != null and .platform.os != \"unknown\") | .platform | \"\\(.os)/\\(.architecture)\\(if .variant then \"/\" + .variant else \"\" end)\"'\n\nlinux/386\nlinux/amd64\nlinux/arm/v6\nlinux/arm/v7\nlinux/arm64\nlinux/ppc64le\nlinux/riscv64\nlinux/s390x\n```\n\n## Environment variables\n\n* `TZ`: The timezone assigned to the container (default `UTC`)\n* `F2B_LOG_TARGET`: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT (default `STDOUT`)\n* `F2B_LOG_LEVEL`: Log level output (default `INFO`)\n* `F2B_DB_PURGE_AGE`: Age at which bans should be purged from the database (default `1d`)\n* `IPTABLES_MODE`: Choose between iptables `nft` or `legacy` mode. (default `auto`)\n\n## Volumes\n\n* `/data`: Contains customs jails, actions and filters and Fail2ban persistent database\n\n## Usage\n\n### Docker Compose\n\nDocker compose is the recommended way to run this image. Copy the content of\nfolder [examples/compose](examples/compose) in `/var/fail2ban/` on your host\nfor example. Edit the Compose and env files with your preferences and run the\nfollowing commands:\n\n```console\n$ docker compose up -d\n$ docker compose logs -f\n```\n\n### Command line\n\nYou can also use the following minimal command :\n\n```console\n$ docker run -d --name fail2ban --restart always \\\n --network host \\\n --cap-add NET_ADMIN \\\n --cap-add NET_RAW \\\n -v $(pwd)/data:/data \\\n -v /var/log:/var/log:ro \\\n crazymax/fail2ban:latest\n```\n\n## Upgrade\n\nRecreate the container whenever I push an update:\n\n```console\n$ docker compose pull\n$ docker compose up -d\n```\n\n## Notes\n\n### `DOCKER-USER` chain\n\nIn Docker 17.06 and higher through [docker/libnetwork#1675](https://github.com/docker/libnetwork/pull/1675),\nyou can add rules to a new table called `DOCKER-USER`, and these rules will be\nloaded before any rules Docker creates automatically. This is useful to make\n`iptables` rules created by Fail2Ban persistent.\n\nIf you have an older version of Docker, you may just change the chain\ndefinition for your jail to `chain = FORWARD`. This way, all Fail2Ban rules\ncome before any Docker rules but these rules will now apply to ALL forwarded\ntraffic.\n\nMore info : https://docs.docker.com/network/iptables/\n\n### `DOCKER-USER` and `INPUT` chains\n\nIf your Fail2Ban container is attached to `DOCKER-USER` chain instead of\n`INPUT`, the rules will be applied **only to containers**. This means that any\npackets coming into the `INPUT` chain will bypass these rules that now reside\nunder the `FORWARD` chain.\n\nThis is why the [sshd](examples/jails/sshd) jail contains a [`chain = INPUT`](examples/jails/sshd/jail.d/sshd.conf)\nin its definition and [traefik](examples/jails/traefik) jail contains\n[`chain = DOCKER-USER`](examples/jails/traefik/jail.d/traefik.conf).\n\n### Jails examples\n\nHere are some examples using the `DOCKER-USER` chain:\n\n* [guacamole](examples/jails/guacamole)\n* [traefik](examples/jails/traefik)\n\nAnd others using the `INPUT` chain:\n\n* [proxmox](examples/jails/proxmox)\n* [sshd](examples/jails/sshd)\n\n### Use fail2ban-client\n\n[Fail2ban commands](http://www.fail2ban.org/wiki/index.php/Commands) can be used\nthrough the container. Here is an example if you want to ban an IP manually:\n\n```console\n$ docker exec -t \u003cCONTAINER\u003e fail2ban-client set \u003cJAIL\u003e banip \u003cIP\u003e\n```\n\n### Global jail configuration\n\nYou can provide customizations in `/data/jail.d/*.local` files.\n\nFor example, to change the default bantime for all jails:\n\n```text\n[DEFAULT]\nbantime = 1h\n```\n\n\u003e [!NOTE]\n\u003e Loading order for jail configuration:\n\u003e ```text\n\u003e jail.conf\n\u003e jail.d/*.conf (in alphabetical order)\n\u003e jail.local\n\u003e jail.d/*.local (in alphabetical order)\n\u003e ```\n\nA sample configuration file is [available on the official repository](https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf).\n\n### Custom jails, actions and filters\n\nCustom jails, actions and filters can be added respectively in `/data/jail.d`,\n`/data/action.d` and `/data/filter.d`. If you add an action/filter that already\nexists, it will be overriden.\n\n\u003e [!WARNING]\n\u003e Container has to be restarted to propagate changes\n\n### Sending email using a sidecar container\n\nIf you want to send emails using a sidecar container, see the example in\n[examples/smtp](examples/smtp). It uses the [smtp.py action](https://github.com/fail2ban/fail2ban/blob/1.1.0/config/action.d/smtp.py)\nand [msmtpd SMTP relay](https://github.com/crazy-max/docker-msmtpd) image.\n\n## Contributing\n\nWant to contribute? Awesome! The most basic way to show your support is to star\nthe project, or to raise issues. You can also support this project by [**becoming a sponsor on GitHub**](https://github.com/sponsors/crazy-max)\nor by making a [PayPal donation](https://www.paypal.me/crazyws) to ensure this\njourney continues indefinitely!\n\nThanks again for your support, it is much appreciated! :pray:\n\n## License\n\nMIT. See `LICENSE` for more details.\n","funding_links":["https://github.com/sponsors/crazy-max","https://www.paypal.me/crazyws"],"categories":["Dockerfile","docker"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fdocker-fail2ban","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrazy-max%2Fdocker-fail2ban","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazy-max%2Fdocker-fail2ban/lists"}