Introduce geofilter for countries where I have no ties #12

New issue

Open

opened 2026-01-18 08:31:13 +00:00 by lab · 1 comment

lab commented

2026-01-18 08:31:13 +00:00

Owner

Install geofilter and rectrict the access to services from the countries where I have no ties.

lab commented

2026-01-18 08:31:55 +00:00

Author

Owner

Also fail2ban

If you're using Caddy:

       header_up Host {upstream_hostport}
       header_up X-Real-IP {remote_host}
       header_up X-Forwarded-For {remote_host}
       header_up X-Forwarded-Proto {scheme}

You'll need those.

For Fail2Ban:

Location: /etc/fail2ban/jail.d/jellyfin.conf

[jellyfin]
enabled = true
port = 80,443,8096,8920
protocol = tcp
filter = jellyfin
# Path to Caddy access logs
logpath = /var/log/caddy/access.log
# 5 failed attempts triggers ban
maxretry = 5
# Permanent ban (-1) - alternatively use a very large number like 31536000 (1 year)
bantime = -1
# Time window to count failures (10 minutes)
findtime = 600
# Action to take when banning
action = iptables-multiport[name=jellyfin, port="80,443,8096,8920", protocol=tcp]
# Whitelist local networks and your IPs (adjust as needed)
ignoreip = 127.0.0.1/8 ::1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12

Location: /etc/fail2ban/filter.d/jellyfin.conf

[Definition]

# Match failed authentication attempts in Caddy JSON access logs
# Pattern matches POST requests to /Users/authenticatebyname that return 401 or 400 status codes
failregex = ^."remote_ip":""."method":"POST"."uri":"/Users/authenticate[^"]"."status":(401|400).$

# Ignore successful authentication (200 status codes)
ignoreregex = ^."remote_ip":""."method":"POST"."uri":"/Users/authenticate[^"]"."status":200.$

That should short you out :)

Also fail2ban > If you're using Caddy: header_up Host {upstream_hostport} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto {scheme} You'll need those. For Fail2Ban: Location: /etc/fail2ban/jail.d/jellyfin.conf [jellyfin] enabled = true port = 80,443,8096,8920 protocol = tcp filter = jellyfin # Path to Caddy access logs logpath = /var/log/caddy/access.log # 5 failed attempts triggers ban maxretry = 5 # Permanent ban (-1) - alternatively use a very large number like 31536000 (1 year) bantime = -1 # Time window to count failures (10 minutes) findtime = 600 # Action to take when banning action = iptables-multiport[name=jellyfin, port="80,443,8096,8920", protocol=tcp] # Whitelist local networks and your IPs (adjust as needed) ignoreip = 127.0.0.1/8 ::1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 Location: /etc/fail2ban/filter.d/jellyfin.conf [Definition] # Match failed authentication attempts in Caddy JSON access logs # Pattern matches POST requests to /Users/authenticatebyname that return 401 or 400 status codes failregex = ^.*"remote_ip":"<HOST>".*"method":"POST".*"uri":"\/Users\/authenticate[^"]*".*"status":(401|400).*$ # Ignore successful authentication (200 status codes) ignoreregex = ^.*"remote_ip":"<HOST>".*"method":"POST".*"uri":"\/Users\/authenticate[^"]*".*"status":200.*$ --- That should short you out :)