Question
Gerowen
Could somebody tell me what I'm doing wrong? I'm trying to set up Fail2Ban to handle my Jellyfin service. Jellyfin has a built-in "block this user after X failed login attempts", but I'd like to use Fail2Ban in addition to that to block attempts to log in with incorrect usernames and such that wouldn't get caught by the built-in autoban feature of Jellyfin. Fail2Ban sees the jail and when I query the jail status, it appears to correctly report a list of the appropriate log files, but when I intentionally enter incorrect credentials Fail2Ban doesn't register the failure, and I'm fairly certain it's something to do with my regex in the filter file.
First off, here's the relevant line that contains a source IP address from my Jellyfin log. This IP is just a Tor exit node I used to avoid blocking myself and is nothing sensitive.
[2021-07-29 15:51:12.579 -04:00] [INF] Authentication request for "test" has been denied (IP: "185.220.101.142").
Second, here's the contents of my /etc/fail2ban/jail.d/jellyfin.local file. Note, 8920 is indeed the port Jellyfin is listening on.
[jellyfin]
enabled = true
filter = jellyfin
port = 8920
logpath = /var/log/jellyfin/jellyfin*.log
maxretry = 5
bantime = 48h
protocol = tcp
backend = auto
findtime = 36000
Third, here's the contents of my /etc/fail2ban/filter.d/jellyfin.conf file:
#Fail2Ban filter for Jellyfin
[Definition]
failregex = ^\[\] \[INF\] Authentication request for \"<USER>\" has been denied \(IP: "<HOST>"\).$
ignoreregex =
0 answers to this question
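An added example, not part of the original post and not code from fail2ban or Jellyfin: a small Python harness that checks a failregex against the log line from the question. It expands only <HOST> (simplified to an IPv4 group) and treats every other token, <USER> included, as literal regex text; those are assumptions of this sketch, as are the CANDIDATE pattern and the lines marked constructed.

```python
import re

# Stand-in for fail2ban's <HOST> tag. Assumption: IPv4 only; the real tag
# also accepts IPv6 addresses and host names.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex exactly as posted in the question.
POSTED = (r'^\[\] \[INF\] Authentication request for \"<USER>\" '
          r'has been denied \(IP: "<HOST>"\).$')
# Hypothetical candidate: ignores the line prefix, uses no <USER> token and
# anchors the address to the end of the line.
CANDIDATE = (r'^.*Authentication request for ".*" has been denied '
             r'\(IP: "<HOST>"\)\.\s*$')

PREFIX = "[2021-07-29 15:51:12.579 -04:00] [INF] "
TAIL = ' has been denied (IP: "185.220.101.142").'
# Log line from the question.
RAW = PREFIX + 'Authentication request for "test"' + TAIL
# Constructed: the same line with the timestamp text removed, since fail2ban
# cuts the matched timestamp out of a line before applying failregex.
STRIPPED = RAW.replace("2021-07-29 15:51:12.579 -04:00", "")
# Constructed: an unrelated event that must not count as a failure.
CONTROL = PREFIX + 'Constructed event: session opened (IP: "185.220.101.142").'
# Constructed: the user name field itself carries a quoted address.
EMBEDDED = (PREFIX + 'Authentication request for "x" has been denied '
            '(IP: "192.0.2.10")."' + TAIL)


def expand(failregex):
    """Expand <HOST> only; any other token stays literal regex text."""
    return failregex.replace("<HOST>", HOST)


def banned_host(failregex, line):
    """Return the address the pattern would report, or None if no match."""
    match = re.search(expand(failregex), line)
    return match.group("host") if match else None


def report(failregex):
    """Map each sample line's name to the address reported for it."""
    samples = {"raw": RAW, "stripped": STRIPPED,
               "control": CONTROL, "embedded": EMBEDDED}
    return {name: banned_host(failregex, line)
            for name, line in samples.items()}


if __name__ == "__main__":
    print("posted   ", report(POSTED))
    print("candidate", report(CANDIDATE))
```

For the authoritative result, give the fail2ban-regex tool that ships with Fail2Ban the real log file and the filter file from the question; it runs the actual matcher, including timestamp detection.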