From: <gi1...@gm...> - 2019-10-30 19:39:03
OK, going through my nft rules again, I see a chain called "DOCKER-USER". I found the (possibly outdated) documentation here: https://docs.docker.com/network/iptables/ and it says:

    By default, all external source IPs are allowed to connect to the Docker daemon. To allow only a specific IP or network to access the containers, insert a negated rule at the top of the DOCKER filter chain. For example, the following rule restricts external access to all IP addresses except 192.168.1.1:

    iptables -I DOCKER-USER -i ext_if ! -s 192.168.1.1 -j DROP

So I'm guessing the documentation is outdated (iptables instead of nftables), and also slightly incorrect (it says DOCKER instead of DOCKER-USER). If we could also add sshguard's blacklist rule to the DOCKER-USER chain it might solve the problem. I don't know how to do this reliably though.

GI

--
A plateau is a high form of flattery.
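The restriction quoted from the Docker documentation only works if the negated DROP rule actually sits above DOCKER-USER's final RETURN (hence "insert", -I, not "append", -A). The following is an added example, not code from the poster, from sshguard or from the Docker project: it parses `iptables -S DOCKER-USER`-style output and reports whether the chain really limits external access to the intended source. The chain dumps, the interface name ext_if and the allowed address 192.168.1.1 are constructed from the text above.

```python
"""Audit a dumped DOCKER-USER chain for an 'allow only these sources' rule.

Added example. Input is the output of `iptables -S DOCKER-USER` (one
rule per line in iptables-save syntax). The check passes only when a
negated-source DROP rule for the external interface is reached before
any RETURN or ACCEPT in the chain, i.e. before Docker's default RETURN
hands the packet on to its own forwarding rules.
"""
import ipaddress
import shlex

# Options that take exactly one argument in iptables-save syntax.
_ONE_ARG = ("-s", "-d", "-i", "-o", "-p", "-j", "-m")


def parse_rule(line):
    """Turn one `-A CHAIN ...` line into a dict of matches and target.

    Unmodelled options (e.g. --dport, --ctstate) are skipped; a match
    preceded by '!' is recorded in the 'negate' set.
    """
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1], "negate": set(), "target": None}
    negate_next = False
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate_next = True
            i += 1
            continue
        if tok in _ONE_ARG:
            if i + 1 >= len(tokens):
                break  # malformed line: option without its argument
            val = tokens[i + 1]
            if tok == "-j":
                rule["target"] = val
            else:
                rule[tok] = val
                if negate_next:
                    rule["negate"].add(tok)
            negate_next = False
            i += 2
        else:
            negate_next = False
            i += 1
    return rule


def audit_docker_user(dump, ext_if, allowed):
    """Return (ok, reason) for a DOCKER-USER dump.

    ok is True when the first terminating rule met on `ext_if` is a DROP
    for every source except `allowed`; a RETURN or ACCEPT reached first
    means external traffic bypasses the restriction.
    """
    allowed_net = ipaddress.ip_network(allowed, strict=False)
    rules = [r for r in (parse_rule(l) for l in dump.splitlines())
             if r and r["chain"] == "DOCKER-USER"]
    for r in rules:
        if r["target"] in ("RETURN", "ACCEPT"):
            return False, "chain %ss before restricting external traffic" % r["target"].lower()
        if r["target"] == "DROP" and r.get("-i") == ext_if and "-s" in r["negate"]:
            rule_net = ipaddress.ip_network(r["-s"], strict=False)
            if rule_net == allowed_net:
                return True, "external access on %s limited to %s" % (ext_if, allowed_net)
            return False, "drop rule exempts %s, expected %s" % (rule_net, allowed_net)
    return False, "no negated-source DROP rule found for %s" % ext_if


# Constructed chain dumps (not captured from a real host).
DEFAULT_DUMP = """\
-N DOCKER-USER
-A DOCKER-USER -j RETURN
"""

# The documented rule, inserted with -I so it precedes the RETURN.
RESTRICTED_DUMP = """\
-N DOCKER-USER
-A DOCKER-USER ! -s 192.168.1.1/32 -i ext_if -j DROP
-A DOCKER-USER -j RETURN
"""

# The same rule added with -A instead of -I: it lands after the RETURN
# and is never evaluated.
APPENDED_DUMP = """\
-N DOCKER-USER
-A DOCKER-USER -j RETURN
-A DOCKER-USER ! -s 192.168.1.1/32 -i ext_if -j DROP
"""

if __name__ == "__main__":
    for name, dump in (("default", DEFAULT_DUMP), ("restricted", RESTRICTED_DUMP),
                       ("appended", APPENDED_DUMP)):
        ok, reason = audit_docker_user(dump, "ext_if", "192.168.1.1")
        print("%-10s %s: %s" % (name, "OK " if ok else "BAD", reason))
```

On a real host the dump comes from `iptables -S DOCKER-USER` (or `iptables-save -t filter`), which the iptables-nft shim still produces on an nftables-based system, so the same check applies whether the rules were loaded through iptables or nft.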