eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Remove Alpine's default SSH jails for fail2ban

Browse source 
Alpine ships alpine-ssh.conf with sshd and sshd-ddos jails enabled.
These fail on startup because there's no SSH server or /var/log/messages
in the container. Remove the file after install instead of trying to
override via [DEFAULT] (per-jail enabled=true beats DEFAULT).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-03-03 08:34:21 -08:00
commit fedfdb1228
2 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
fly/Dockerfile
View file

@ -9,7 +9,8 @@ COPY --from=docker.io/tailscale/tailscale:stable \
RUN mkdir -p /var/run/tailscale /var/lib/tailscale \
&& apk add --no-cache iptables ip6tables \
&& apk add --no-cache libc6-compat \
&& apk add --no-cache fail2ban
&& apk add --no-cache fail2ban \
&& rm -f /etc/fail2ban/jail.d/alpine-ssh.conf
# Copy Alloy binary from official image (Ubuntu-based, needs libc6-compat)
COPY --from=docker.io/grafana/alloy:v1.13.1 \

4
fly/fail2ban/jail.d/forge.conf
View file

@ -1,7 +1,3 @@
# Disable all default jails — this container has no SSH, mail, etc.
[DEFAULT]
enabled = false
[forge-login]
enabled = true
filter = forge-login