{"id":47838289,"url":"https://github.com/sosandroid/docker-fail2ban-synology","last_synced_at":"2026-04-03T20:35:11.409Z","repository":{"id":73481060,"uuid":"251310947","full_name":"sosandroid/docker-fail2ban-synology","owner":"sosandroid","description":"Adaptation of @crazy-max docker fail2ban for Synology","archived":false,"fork":false,"pushed_at":"2024-06-05T09:46:58.000Z","size":40,"stargazers_count":47,"open_issues_count":2,"forks_count":7,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-06-05T11:11:58.168Z","etag":null,"topics":["docker-compose","fail2ban","synology-docker"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sosandroid.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-30T13:20:17.000Z","updated_at":"2024-06-05T09:47:02.000Z","dependencies_parsed_at":"2024-05-23T06:26:00.973Z","dependency_job_id":"ee541529-4f43-44e1-b2b2-7f7ba9be8152","html_url":"https://github.com/sosandroid/docker-fail2ban-synology","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sosandroid/docker-fail2ban-synology","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sosandroid%2Fdocker-fail2ban-synology","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sosandroid%2Fdocker-fail2ban-synology/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sosandroid%2Fdocker-fail2ban-synology/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sosandroid%2Fdocker-fail2ban-synology/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sosandroid","download_url":"https://codeload.github.com/sosandroid/docker-fail2ban-synology/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sosandroid%2Fdocker-fail2ban-synology/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31375769,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-compose","fail2ban","synology-docker"],"created_at":"2026-04-03T20:35:10.760Z","updated_at":"2026-04-03T20:35:11.396Z","avatar_url":"https://github.com/sosandroid.png","language":null,"funding_links":["https://www.buymeacoffee.com/ju9hJ8RqGk"],"categories":[],"sub_categories":[],"readme":"# Docker Fail2ban for Synology NAS\r\n\r\nA docker-compose ready package to run [Fail2ban](https://github.com/crazy-max/docker-fail2ban) on Synology NAS. This setup is made to manage the Synology's DSM contraints and protect another container : Bitwarden_RS. However, adding your own actions, filters and jails allows use for other purposes.\r\n\r\nThe goal is to keep the Synology NAS system untouched to be upgrade-proof. This the reason why we did not try to modify the system and improve the embedded banIP. The best deal has to be able to adapt the embedded `iptables`.\r\n\r\nDespite this has been made to run on Synology NAS, this should run on other systems with / without minor adaptations.\r\n\r\n[![Buy me a coffee](./res/default-yellow.png)](https://www.buymeacoffee.com/ju9hJ8RqGk)\r\n\r\n\r\n## Documentation\r\n\r\n- [Crazy-Max/Docker-Fail2ban](https://github.com/crazy-max/docker-fail2ban/blob/master/README.md)\r\n\r\n## Solved issues on Synology\r\nThe main issues on Synology are the following:\r\n\r\n- The embedded ban IP system cannot work on running Docker containers by design\r\n- `REJECT` blocktype is not supported and must be switched to `DROP`\r\n- Modifying DSM system is not upgrade-proof\r\n\r\n## Pre-requisite\r\n- A Docker compatible Synology NAS\r\n- An up and running Docker package\r\n- A SSH client\r\n\r\n### Conventions\r\nAs convention, we will use as example the following\r\n- Folder used : `/volumeX/docker/` to be personnalized to your DSM setup\r\n\r\n## Installation\r\n\r\n1. Download this repo\r\n2. Unzip and review `docker-compose_fail2ban.yml` settings\r\n3. Copy this repo content to `/volumeX/docker/`\r\n\r\nThis is almost done. The file [`action.d/iptables.local`](fail2ban/action.d/iptables.local) switch the `REJECT` blocktype by `DROP`\r\n\r\n## Setup\r\n\r\nTo finish the setup, you need to add your filters and jails. The provided ones relies on a [bitwarden_rs instance](https://github.com/sosandroid/docker-bitwarden_rs-caddy-synology) and looks for the `bitwarden.log` file. If not available, you'll have an error at startup.\r\n\r\nReady for a first run : `docker-compose -f docker-compose_fail2ban.yml up`\r\n\r\nIf everything goes well, the prompt will let you know the container is started and wait until a `ctrl + C` is triggered to stop it. Have a look in log file and test your filters and rules. A usefull command to unban IP after testing :\r\n\r\n`sudo docker exec -t fail2ban fail2ban-client set bitwarden unbanip XX.XX.XX.XX`\r\n\r\nShutdown the servers issuing a `ctrl + C` in the terminal\r\n\r\n## Startup and Maintenance\r\n\r\n### Startup\r\nOnce setup is finished, you're ready to launch your \"_production_\" server. Review all the settings and  environment variables in the `.yml` file. Test it using the same `docker-compose -f docker-compose_fail2ban.yml up` as previously. If everything goes well, stop them and run as `detached` with the following command.\r\n\r\n\t`docker-compose -f docker-compose_fail2ban.yml up -d`\r\n\r\n### Maintenance\r\nUpgrade on a regular basis the servers as they continue to evolve on a daily/weekly basis. Run from a terminal the following commands, as `root`, from time to time.\r\n\r\n````sh\r\ncd /volumeX/docker/\r\ndocker-compose -f docker-compose_fail2ban.yml down\r\ndocker-compose -f docker-compose_fail2ban.yml pull\r\ndocker-compose -f docker-compose_fail2ban.yml up -d\r\n````\r\n\r\nIn order to keep a clean system, from time to time, use [this tutoriel](https://www.digitalocean.com/community/tutorials/how-to-remove-docker-images-containers-and-volumes).\r\n\r\n## Use with Bitwarden_RS\r\n\r\nThis setup has been made for [Bitwarden_RS proxied](https://github.com/sosandroid/docker-bitwarden_rs-caddy-synology) runing as Docker container on Synology NAS\r\n\r\n## Collaboration\r\nFeel free to propose any optimization through pull requests\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsosandroid%2Fdocker-fail2ban-synology","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsosandroid%2Fdocker-fail2ban-synology","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsosandroid%2Fdocker-fail2ban-synology/lists"}