Fail2Ban setup doesn't work (vaultwarden/f2b/nginx proxy manager)

[miseym]

I've followed the tutorial through several times now because I've gotten frustrated I've wiped my VQ vm and started from scratch about three times now. I just can't get fail2ban to work according to the instructions alone.

I have vaultwarden installed (docker container of course), and fail2ban installed directly. I have nginx proxy manager as the reverse proxy in a separate vm. I have a let's encrypt SSL installed etc etc. no issues with access whatsoever.

I set up my jail.d/vaultwarden.local exactly as the tutorial says. I set up my filter.d/vaultwarden.local exactly as the tutorial says. I have the jal looking at the correct log file path. I can see the external IPs being logged on failed login attempts. Running fail2ban-regex correctly matches the failed logins in the log with the filter regex string. But nothing happens. iptables doesn't get any entries, nothing shows as banned in fail2ban-client status vaultwarden. But even if I manually ban an IP it shows as banned in fail2ban-client status but i still have access anyway, nothing in iptables.

I am going out of my mind because I've gone over everything (and there isn't that much to go over) and I just can't work out why it isn't working. I haven't done any config in any action .conf files because the tutorial doesn't say to touch anything there. I've just done what the tutorial said and it just doesn't work. Someone please help, if you have the same or similar setup please help me out here.

# path_f2b/jail.d/vaultwarden.local

[vaultwarden]
enabled = true
port = 80,443,8081
filter = vaultwarden
banaction = %(banaction_allports)s
logpath = /home/user/docker/vaultwarden/logs/vaultwarden.log
maxretry = 3
bantime = 14400
findtime = 14400

# path_f2b/filter.d/vaultwarden.local

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*?Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =

I've confirmed the f2b log is getting the correct external client IP too. Except it just does nothing. I'm absolutely out of ideas.

[Amras2322]

Same issue here! Installed fail2ban using apt on Ubuntu Server, Vaultwarden is on docker. Fail2ban is pulling IPs from the vaultwarden.log just fine, but is unable to successfully ban IPs. A few excerpts from my fail2ban.log:

ERROR Command ['set', 'vaultwarden', 'ban', '2a02:6ea0:c603:3558::17'] has failed. Received Exception("Invalid command 'ban' (no set action or not yet implemented)")

And my /etc/fail2ban/jail.d/vaultwarden.local:

[vaultwarden] enabled = true port = 80,443,8081 filter = vaultwarden banaction = %(banaction_allports)s logpath = /docker/appdata/vaultwarden/log/vaultwarden.log maxretry = 3 bantime = 14400 findtime = 14400 chain = FORWARD

The last part is added because of the wiki's note for docker users. Please let me know if I misunderstood!

[CodeWithCJ]

For it works if I manually ban using the command. but its not working automatically. Anyone found the fix?

sudo fail2ban-client set vaultwarden banip my_ip

sudo nano vaultwarden.local

[vaultwarden]
enabled = true
port = 80,443,8081
filter = vaultwarden
#action = iptables[name=vaultwarden, port="all"], cloudflare
action = cloudflare
banaction = %(banaction_allports)s
journalmatch = _COMM=vaultwarden
logpath = /home/ubuntu/SparkyApps/vaultwarden/log.log
maxretry = 3
bantime = 14400
findtime = 14400

sudo nano vaultwarden.local

[INCLUDES]
before = common.conf

[Definition]
failregex =
    ^.*?Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
    ^.*Invalid admin token\. IP: <ADDR>.*$
ignoreregex =