Fail2ban not unbanning IP addresses #5879
Comments
Been suffering from this for months.
I cannot find your ticket number. Are you sure it's correct?
I assume you're a TINC employee/contractor with access to the servercow.de ticketing system? These are my two reports of the issue:
If you get a lot of login requests with malicious attempts, I would use something else than that builtin script. It's really not efficient. Do you have any firewall solutions before your server? Or are you familiar with the "real" fail2ban project? https://github.com/fail2ban/fail2ban
Yes, I'm familiar with the real fail2ban project, but I guess having two systems is one too many? Is there a tutorial on how to install an external fail2ban solution? I didn't find anything in the docs... By the way: why does mailcow use a self-scripted fail2ban solution at all?
When I wrote the initial version of this script (it has changed a lot since then) in 2017, the "real" fail2ban did not support IPv6 and couldn't read logs from Docker. I'm pretty sure it supports IPv6 nowadays, but I'm not sure it can handle any of Docker's log drivers other than the (non-default) systemd log.
I have the same issue, although I've changed the default fail2ban parameters significantly. Example lines (IPs changed): I've left it running for a few weeks without restarting and eventually it hung with the last line visible:
Running into a similar issue. @kovacs-andras We need to have logging of failed attempts to begin with if we want to be able to use a third-party tool that can facilitate this service if fail2ban does not work. How are you checking logs and automating today for failed login attempts? Do you recommend a specific log source to ingest login events that we can use so as not to rely solely on fail2ban/netfilter? Thanks in advance! I started noticing right after the latest release (2024-6a), so I can't tell when this started occurring. The entire machine has been restarted and re-tested with the same issue. Everything else is working as expected. The only difference in my environment is that IPv6 was completely removed following the official doc.
Hi! On the new host several things changed from my previous setup:
Just want to share this. Maybe it helps somebody...
Watch out for whether this occurs only occasionally after a while, like it does for us.
You're right. It was too early to celebrate. The phenomenon still exists for me too...
We have the same kind of symptom. When clicking on the unban button, the frontend shows "unban pending" but the IP is never unbanned. I need to execute a command like this
Does restarting the netfilter container not work for you?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
I don't like restarting the netfilter container because in this case all banned addresses are unbanned. Today again: one IP ban, normally automatically unbanned after 30 min, but it stays banned after 4 h. When clicking on the unban button, the unban attempt stays visible and nothing happens. I need to execute my command on the server directly :(
I don't know if it is the reason, but I saw today that the banned IP is visible two times.
Do you have an idea why there are two entries with the same IP address, and whether this can block the unban?
I'd like to report that on version 2024-08a the issue disappeared.
Description
Currently I get a lot of login requests to my mailcow instance from a certain subnet, which is why the netfilter container does a lot of bans and unbans. I have noticed that after a certain time (about 3 to 5 days) netfilter no longer unbans the IPs and they remain permanently banned, so to speak. Here is an example for the IP 194.169.175.10:
In the mailcow GUI, the IPs are displayed with a negative ban time:
I have not changed anything in the netfilter settings, so they are default. Restarting the netfilter container usually helps to unblock the IP addresses again.
The following issue describes similar symptoms: #5518
Logs:
Steps to reproduce:
Which branch are you using? master
Which architecture are you using? x86
Operating System: Ubuntu 22.04.4 LTS
Server/VM specifications: 4 CPU, 8 GB RAM
Is Apparmor, SELinux or similar active? No
Virtualization technology: KVM
Docker version: 26.1.1
docker-compose version or docker compose version: v2.27.0
mailcow version: 2024-04
Reverse proxy: No
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check:
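Two of the symptoms in this thread, an IP shown with a negative ban time that is still dropped by the firewall, and the same IP listed twice, can be checked directly from `iptables -L -vn` output. The following Python script is an added example, not code from the issue or from mailcow's netfilter container: it parses constructed sample output, compares it against a constructed ban ledger (a hypothetical stand-in for the container's own state), and reports expired-but-still-present bans, addresses dropped without any ledger entry, and duplicate rules. The chain name `MAILCOW`, the ledger format and the sample addresses are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
import re

# Constructed sample of `iptables -L -vn` output; it is not from the issue.
# The chain name MAILCOW is an assumption about how the netfilter container
# names its chain, and 203.0.113.7 is a documentation address.
IPTABLES_OUTPUT = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1000   80K MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination
   12   720 DROP       all  --  *      *       194.169.175.10       0.0.0.0/0
    3   180 DROP       all  --  *      *       194.169.175.10       0.0.0.0/0
    5   300 DROP       all  --  *      *       203.0.113.7          0.0.0.0/0
"""

# Constructed ban ledger: ip -> (ban start, ban duration). This shape is
# hypothetical; it stands in for whatever state the netfilter container keeps.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
BAN_LEDGER = {
    "194.169.175.10": (NOW - timedelta(hours=4), timedelta(minutes=30)),
    "203.0.113.7": (NOW - timedelta(minutes=10), timedelta(minutes=30)),
}

# One rule line: pkts bytes target prot opt in out source destination
DROP_RULE = re.compile(
    r"^\s*\S+\s+\S+\s+DROP\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<source>\S+)\s+\S+"
)


def drop_sources(output, chain="MAILCOW"):
    """Source addresses of DROP rules in `chain`, in rule order, duplicates kept."""
    sources = []
    in_chain = False
    for line in output.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        if in_chain:
            m = DROP_RULE.match(line)
            if m:
                sources.append(m.group("source"))
    return sources


def stale_bans(sources, ledger, now):
    """Addresses still dropped by the firewall whose ban has already expired.

    Returns ip -> remaining seconds; the value is zero or negative, which is
    the same quantity the GUI renders as a negative ban time.
    """
    stale = {}
    for ip in sorted(set(sources)):
        if ip not in ledger:
            continue  # no ledger entry: reported by unknown_bans() instead
        start, duration = ledger[ip]
        remaining = int((start + duration - now).total_seconds())
        if remaining <= 0:
            stale[ip] = remaining
    return stale


def unknown_bans(sources, ledger):
    """Addresses dropped by the firewall with no ledger entry at all."""
    return sorted(set(sources) - set(ledger))


def duplicate_rules(sources):
    """Addresses with more than one DROP rule; deleting a single rule for such
    an address leaves the other one in place, so the unban has no effect."""
    return sorted(ip for ip, n in Counter(sources).items() if n > 1)


if __name__ == "__main__":
    sources = drop_sources(IPTABLES_OUTPUT)
    for ip, remaining in stale_bans(sources, BAN_LEDGER, NOW).items():
        print(f"stale ban: {ip} expired {-remaining} s ago but is still dropped")
    for ip in unknown_bans(sources, BAN_LEDGER):
        print(f"unknown ban: {ip} is dropped but has no ledger entry")
    for ip in duplicate_rules(sources):
        print(f"duplicate rule: {ip} appears more than once in the chain")
```

Run against real output, the script reads the chain once and only reports; it never changes firewall rules. A stale entry with a large negative remaining time matches the "banned for 4 h instead of 30 min" symptom, and a duplicate rule explains why a single unban can appear to do nothing.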