MHSanaei 28330e60d8 fix(docker): grant NET_ADMIN/NET_RAW so fail2ban IP-limit bans apply ...

The image bundles fail2ban (enabled by default) to enforce per-client IP
limits via iptables, but docker-compose.yml granted no capabilities. The
job logs the ban and fail2ban reports it as banned, yet the iptables
action fails with "Permission denied (you must be root)" and no rule is
inserted, so the client is never actually blocked. Add cap_add
NET_ADMIN/NET_RAW to the service and document the docker run flags.

2026-06-01 17:17:49 +02:00

1.2 KiB

Raw Blame History

View Raw