Fail2ban for Docker
方式一:在主要服務的 container 裡安裝 Fail2ban
NOTE:
The container must be launched with the NET_ADMIN capability in order to be able to install the iptable rules that actually ban IP addresses. Thus either include
--cap-add=NET_ADMINin the docker run commandline or the equivalent docker-compose.yml:
docker-compose.yml:
cap_add:
- NET_ADMIN
方法二:安裝一個 Fail2ban 專有的 container
NOTE:
透過這個 Fail2ban container 來保護整個 Host 的網路服務。
方法三:從 Host 裡安裝 Fail2ban
NOTE:
透過 Host 的 Fail2ban 保護所有 container 的對外網路服務
Powered by MindTouch Core