Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Fail2ban?

Featured Replies

i have a Qnap nas and i want somthing like this in unraid :D
image.png.543a20d890688a5e8fc57bbc894418d1.pngi
its dansih within xx min and xx failed attempts then ban for xx number of times or lifetime :D
and opportunity to limeted to ex "Danmark" ip's so no from other country can Access my server

TheBeast

Exactly. Give us the ability to flat out ban connections from certain countries or white-list only certain countries.

 

For a US server I would ban everything outside of North America (US and Canada).

 

For Europe I would ban anything in China, Russia, India or other Hotspot hacker regions for a start.

  • 1 month later...

+1

I would like to be able to see somewhere all failed login attempts on Unraid services

  • 3 months later...

This would be a great feature for the Unraid 6.10 security update.

I maybe being dense here, but the UnRAID GUI should not be accessible from the internet anyway so what benefit would this have?

 

Services should be behind reverse proxies - and using SWAG / NPM (I personally use SWAG but assume its in NPM) fail2ban is implemented, as well as geoip database lookups to block country subnets etc.

It would be for more than just the UI.

  • 2 months later...

I'm a huge fan of fail2ban.  Never assume that your perimeter is impenetrable.  Treat everything like it's the interwebz.  I've seen really serious compromises that happened through copiers, coffee makers, lights, cameras, refrigerators, door alarms, and cash registers.  

 

Assume for a moment that a family member invites someone over.  Should that guest's cell phone be able to surf your network and map all your drives?  Maybe download your tax returns or your medical records? 

  • 7 months later...

+1

+1

 

I know it's not recommanded to open unraid on the net, but docker + traefik + a little of magic .... 

On 6/22/2022 at 6:11 PM, Djeen said:

docker + traefik + a little of magic

I see the issue there... :D

 

traefik...

 

Use SWAG and you get Fail2Ban and the option to use Authelia in combination with F2B.

  • 2 weeks later...

I mentioned in discord over the weekend that I keep seeing suggestions against exposing unRAID to the internet in any capacity, but the My Servers plugin comes with a built in option to do exactly that (expose the web UI to the internet to allow remote access), and exposing SSH to the internet can be done very safely and easily if you prohibit password login as root via ssh.

 

Either way, it would be insanely beneficial to have fail2ban natively on unRAID, either with some standard configurations for SSH and HTTP/HTTPS, or with some easy to enable examples and instructions.

 

SWAG is great, I use it, I contribute to the project, but native support would be greatly appreciated.

  • 2 weeks later...

+1

Would love to see f2b built into Unraid. As mentioned above, as soon as the My Servers plugin started becoming a thing, I feel like fail2ban should have also had a native roll out. There's a lot of users out there and a whole bunch of them aren't aware of the security risks involved in exposing any part of their server to the outside world. f2b would be one more layer to protect them.

I decided to do something about it. While I don't have a solution to run fail2ban directly on the native OS, I am now successfully running a docker container capable of applying iptables bans at the host level and I am protecting unRAID's web GUI and SSH (and other things running in other docker containers).

 

I plan to share this project as an lsio image in the near future. I have everything functional complete and I am working on documentation. I'll try to remember to reply here when I have a proper release available.

  • 3 weeks later...
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.