• 0

Jellyfin and Fail2Ban


 Share

Question

Could somebody tell me what I'm doing wrong?  I'm trying to set up Fail2Ban to handle my Jellyfin service.  Jellyfin has a built in "block this user after X failed login attempts", but I'd like to use Fail2Ban in addition to that to block attempts to log in with incorrect usernames and such that wouldn't get caught by the built in autoban feature of Jellyfin.  Fail2Ban sees the jail and when I query the jail status, it appears to correctly report a list of the appropriate log files, but when I intentionally enter incorrect credentials Fail2Ban doesn't register the failure, and I'm fairly certain it's something to do with my regex in the filter file.

 

First off, here's the relevant line that contains a source IP address from my jellyfin log.  This IP is just a tor exit node I used to avoid blocking myself and is nothing sensitive.

[2021-07-29 15:51:12.579 -04:00] [INF] Authentication request for "test" has been denied (IP: "185.220.101.142").

 

Second, here's the contents of my /etc/fail2ban/jail.d/jellyfin.local file.  Note, 8920 is indeed the port Jellyfin is listening on.

[jellyfin]
enabled  = true
filter   = jellyfin
port     = 8920
logpath  = /var/log/jellyfin/jellyfin*.log
maxretry = 5
bantime  = 48h
protocol = tcp
backend  = auto
findtime = 36000

 

Third, here's the contents of my /etc/fail2ban/filter.d/jellyfin.conf file:

#Fail2Ban filter for Jellyfin

[Definition]
failregex = ^\[\] \[INF\] Authentication request for \"<USER>\" has been denied \(IP: "<HOST>"\).$
ignoreregex =

 

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.