fail2ban fails 2 ban login attemps to smtp (postfix) server in docker container
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I got a problem with my host / docker setting as follows:
Host runs fail2ban, which accesses the mail.log files from the docker container, which are mapped over a volume. This all works fine, I defined a jail.local
[postfix-sasl]
enabled = true
port = smtpd
filter = postfix-sasl
logpath = /var/lib/docker/volumes/smtp2/_data/mail.log
bantime = 604800
maxretry = 5
action = docker-action
and a filter postfix-sasl.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix(-w+)?/(?:submission/|smtps/)?smtp[ds]
_port = (?::d+)?
failregex = ^%(__prefix_line)swarning: [-._w]+[<HOST>]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*=0,2)?s*$
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
and an action as docker-action.conf
[Definition]
actionstart =
actionstop =
actioncheck = iptables -n -L FORWARD | grep -q 'DOCKER[ t]'
actionban = iptables -I DOCKER 1 -s <ip> -j DROP
actionunban = iptables -D DOCKER -s <ip> -j DROP
All seems to work fine, even got
2018-08-14 16:51:24,048 fail2ban.actions [26209]: WARNING [postfix-sasl] 181.214.206.133 already banned
and in iptables -S the following entry, as I wanted:
-A DOCKER -s 181.214.206.133/32 -j DROP
But in my container still all the attemps get in like this
Aug 14 17:34:28 smtp2 postfix/smtpd[16114]: warning: unknown[181.214.206.133]: SASL LOGIN authentication failed: authentication failure
Aug 14 17:34:29 smtp2 postfix/smtpd[16114]: disconnect from unknown[181.214.206.133] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 14 17:34:52 smtp2 postfix/smtpd[16114]: connect from unknown[181.214.206.133]
Output from iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-N f2bd-postfix-sasl
-N fail2ban-postfix
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-loggireject-input
-A INPUT -j ufw-track-input
-A FORWARD -p tcp -m multiport --dports 25 -j fail2ban-postfix
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -s 69.10.48.187/32 -j DROP
-A DOCKER -s 181.214.206.133/32 -j DROP
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN
Output of iptables -vnL FORWARD | grep docker
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate ELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Can anyone explain to me, why those requests are still getting forwared to the docker container? Am I missing out on something?
linux ubuntu docker postfix fail2ban
 |Â
show 1 more comment
up vote
0
down vote
favorite
I got a problem with my host / docker setting as follows:
Host runs fail2ban, which accesses the mail.log files from the docker container, which are mapped over a volume. This all works fine, I defined a jail.local
[postfix-sasl]
enabled = true
port = smtpd
filter = postfix-sasl
logpath = /var/lib/docker/volumes/smtp2/_data/mail.log
bantime = 604800
maxretry = 5
action = docker-action
and a filter postfix-sasl.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix(-w+)?/(?:submission/|smtps/)?smtp[ds]
_port = (?::d+)?
failregex = ^%(__prefix_line)swarning: [-._w]+[<HOST>]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*=0,2)?s*$
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
and an action as docker-action.conf
[Definition]
actionstart =
actionstop =
actioncheck = iptables -n -L FORWARD | grep -q 'DOCKER[ t]'
actionban = iptables -I DOCKER 1 -s <ip> -j DROP
actionunban = iptables -D DOCKER -s <ip> -j DROP
All seems to work fine, even got
2018-08-14 16:51:24,048 fail2ban.actions [26209]: WARNING [postfix-sasl] 181.214.206.133 already banned
and in iptables -S the following entry, as I wanted:
-A DOCKER -s 181.214.206.133/32 -j DROP
But in my container still all the attemps get in like this
Aug 14 17:34:28 smtp2 postfix/smtpd[16114]: warning: unknown[181.214.206.133]: SASL LOGIN authentication failed: authentication failure
Aug 14 17:34:29 smtp2 postfix/smtpd[16114]: disconnect from unknown[181.214.206.133] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 14 17:34:52 smtp2 postfix/smtpd[16114]: connect from unknown[181.214.206.133]
Output from iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-N f2bd-postfix-sasl
-N fail2ban-postfix
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-loggireject-input
-A INPUT -j ufw-track-input
-A FORWARD -p tcp -m multiport --dports 25 -j fail2ban-postfix
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -s 69.10.48.187/32 -j DROP
-A DOCKER -s 181.214.206.133/32 -j DROP
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN
Output of iptables -vnL FORWARD | grep docker
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate ELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Can anyone explain to me, why those requests are still getting forwared to the docker container? Am I missing out on something?
linux ubuntu docker postfix fail2ban
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
What is the output ofiptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?
â RalfFriedl
Aug 15 at 10:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56
 |Â
show 1 more comment
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I got a problem with my host / docker setting as follows:
Host runs fail2ban, which accesses the mail.log files from the docker container, which are mapped over a volume. This all works fine, I defined a jail.local
[postfix-sasl]
enabled = true
port = smtpd
filter = postfix-sasl
logpath = /var/lib/docker/volumes/smtp2/_data/mail.log
bantime = 604800
maxretry = 5
action = docker-action
and a filter postfix-sasl.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix(-w+)?/(?:submission/|smtps/)?smtp[ds]
_port = (?::d+)?
failregex = ^%(__prefix_line)swarning: [-._w]+[<HOST>]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*=0,2)?s*$
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
and an action as docker-action.conf
[Definition]
actionstart =
actionstop =
actioncheck = iptables -n -L FORWARD | grep -q 'DOCKER[ t]'
actionban = iptables -I DOCKER 1 -s <ip> -j DROP
actionunban = iptables -D DOCKER -s <ip> -j DROP
All seems to work fine, even got
2018-08-14 16:51:24,048 fail2ban.actions [26209]: WARNING [postfix-sasl] 181.214.206.133 already banned
and in iptables -S the following entry, as I wanted:
-A DOCKER -s 181.214.206.133/32 -j DROP
But in my container still all the attemps get in like this
Aug 14 17:34:28 smtp2 postfix/smtpd[16114]: warning: unknown[181.214.206.133]: SASL LOGIN authentication failed: authentication failure
Aug 14 17:34:29 smtp2 postfix/smtpd[16114]: disconnect from unknown[181.214.206.133] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 14 17:34:52 smtp2 postfix/smtpd[16114]: connect from unknown[181.214.206.133]
Output from iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-N f2bd-postfix-sasl
-N fail2ban-postfix
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-loggireject-input
-A INPUT -j ufw-track-input
-A FORWARD -p tcp -m multiport --dports 25 -j fail2ban-postfix
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -s 69.10.48.187/32 -j DROP
-A DOCKER -s 181.214.206.133/32 -j DROP
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN
Output of iptables -vnL FORWARD | grep docker
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate ELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Can anyone explain to me, why those requests are still getting forwared to the docker container? Am I missing out on something?
linux ubuntu docker postfix fail2ban
I got a problem with my host / docker setting as follows:
Host runs fail2ban, which accesses the mail.log files from the docker container, which are mapped over a volume. This all works fine, I defined a jail.local
[postfix-sasl]
enabled = true
port = smtpd
filter = postfix-sasl
logpath = /var/lib/docker/volumes/smtp2/_data/mail.log
bantime = 604800
maxretry = 5
action = docker-action
and a filter postfix-sasl.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = postfix(-w+)?/(?:submission/|smtps/)?smtp[ds]
_port = (?::d+)?
failregex = ^%(__prefix_line)swarning: [-._w]+[<HOST>]%(_port)s: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*=0,2)?s*$
ignoreregex = authentication failed: Connection lost to authentication server$
[Init]
journalmatch = _SYSTEMD_UNIT=postfix.service
and an action as docker-action.conf
[Definition]
actionstart =
actionstop =
actioncheck = iptables -n -L FORWARD | grep -q 'DOCKER[ t]'
actionban = iptables -I DOCKER 1 -s <ip> -j DROP
actionunban = iptables -D DOCKER -s <ip> -j DROP
All seems to work fine, even got
2018-08-14 16:51:24,048 fail2ban.actions [26209]: WARNING [postfix-sasl] 181.214.206.133 already banned
and in iptables -S the following entry, as I wanted:
-A DOCKER -s 181.214.206.133/32 -j DROP
But in my container still all the attemps get in like this
Aug 14 17:34:28 smtp2 postfix/smtpd[16114]: warning: unknown[181.214.206.133]: SASL LOGIN authentication failed: authentication failure
Aug 14 17:34:29 smtp2 postfix/smtpd[16114]: disconnect from unknown[181.214.206.133] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 14 17:34:52 smtp2 postfix/smtpd[16114]: connect from unknown[181.214.206.133]
Output from iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-N DOCKER-USER
-N f2bd-postfix-sasl
-N fail2ban-postfix
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-loggireject-input
-A INPUT -j ufw-track-input
-A FORWARD -p tcp -m multiport --dports 25 -j fail2ban-postfix
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -s 69.10.48.187/32 -j DROP
-A DOCKER -s 181.214.206.133/32 -j DROP
-A DOCKER-ISOLATION -j RETURN
-A DOCKER-USER -j RETURN
Output of iptables -vnL FORWARD | grep docker
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate ELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Can anyone explain to me, why those requests are still getting forwared to the docker container? Am I missing out on something?
linux ubuntu docker postfix fail2ban
linux ubuntu docker postfix fail2ban
edited Aug 16 at 17:09
asked Aug 15 at 8:39
John Daniels
52
52
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
What is the output ofiptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?
â RalfFriedl
Aug 15 at 10:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56
 |Â
show 1 more comment
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
What is the output ofiptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?
â RalfFriedl
Aug 15 at 10:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
What is the output of
iptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?â RalfFriedl
Aug 15 at 10:58
What is the output of
iptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?â RalfFriedl
Aug 15 at 10:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Your DOCKER
chain is only called from FORWARD
. As you can see from the numbers zero, the rules are not reached. Try to call the DOCKER
chain from INPUT
, too.
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Your DOCKER
chain is only called from FORWARD
. As you can see from the numbers zero, the rules are not reached. Try to call the DOCKER
chain from INPUT
, too.
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
add a comment |Â
up vote
0
down vote
accepted
Your DOCKER
chain is only called from FORWARD
. As you can see from the numbers zero, the rules are not reached. Try to call the DOCKER
chain from INPUT
, too.
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Your DOCKER
chain is only called from FORWARD
. As you can see from the numbers zero, the rules are not reached. Try to call the DOCKER
chain from INPUT
, too.
Your DOCKER
chain is only called from FORWARD
. As you can see from the numbers zero, the rules are not reached. Try to call the DOCKER
chain from INPUT
, too.
answered Aug 16 at 17:13
RalfFriedl
3,7001523
3,7001523
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
add a comment |Â
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
Thank you very much, this seems to do the Trick. Sorry, I sadly cant upvote yout answer due to my low reputation. But I am really grateful for your help :-)
â John Daniels
Aug 17 at 17:50
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f462700%2ffail2ban-fails-2-ban-login-attemps-to-smtp-postfix-server-in-docker-container%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Where in iptables is the DOCKER chain called?
â RalfFriedl
Aug 15 at 8:47
Does the Output from iptables -S answer your question? Or is there anywhere else, I have to get the information from?
â John Daniels
Aug 15 at 10:44
What is the output of
iptables -vnL FORWARD | grep docker
, after there have been connections to your docker container?â RalfFriedl
Aug 15 at 10:58
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
â John Daniels
Aug 16 at 13:58
Please add that to the question by using edit below the question. This is barely readable.
â RalfFriedl
Aug 16 at 16:56