From ae0a213e40a0900911c62c1d8afe1abadb29620d Mon Sep 17 00:00:00 2001 From: yolylight Date: Sun, 13 Oct 2024 21:41:12 +0800 Subject: [PATCH] Add Note for Synology DSM Docker Users --- Fail2Ban-Setup.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Fail2Ban-Setup.md b/Fail2Ban-Setup.md index 74397dc..af0420b 100644 --- a/Fail2Ban-Setup.md +++ b/Fail2Ban-Setup.md @@ -161,6 +161,14 @@ Docker uses the `FORWARD` chain instead of the default INPUT chain. If the machi chain = FORWARD ``` +###### Note for Synology DSM Docker Users + +Please set the `chain` to `DOCKER-USER` + +```ini +chain = DOCKER-USER +``` + ###### Note for Docker Users with Fail2Ban v1.1.1.dev1 (and possibly newer) With Fail2Ban v1.1.1.dev1 the default `banactions` for Debian changed from iptables to nftables (see [here](https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc)). Docker (at least version 25.0.3) on the other hand still uses iptables. Hence, the requests to the Docker containers are not blocked with `banaction = %(banaction_allports)s`. In this scenario, use