From e72784378abeae52fb1c8b0a7ac821795732981a Mon Sep 17 00:00:00 2001 From: valentinbreiz Date: Wed, 3 Jan 2024 14:49:29 +0100 Subject: [PATCH 1/3] =?UTF-8?q?=E2=9C=A8=20Update=20fail2ban=20to=20https:?= =?UTF-8?q?//github.com/fail2ban/fail2ban/pull/3467=20for=20geoIP=20suppor?= =?UTF-8?q?t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker/dockerfile/fail2ban/Dockerfile | 56 ++++++++++- docker/dockerfile/fail2ban/docker-bake.hcl | 35 +++++++ docker/dockerfile/fail2ban/entrypoint.sh | 104 +++++++++++++++++++++ protos/blacklist.proto | 8 ++ 4 files changed, 201 insertions(+), 2 deletions(-) create mode 100644 docker/dockerfile/fail2ban/docker-bake.hcl create mode 100644 docker/dockerfile/fail2ban/entrypoint.sh diff --git a/docker/dockerfile/fail2ban/Dockerfile b/docker/dockerfile/fail2ban/Dockerfile index 6c79b17..efa8a1c 100644 --- a/docker/dockerfile/fail2ban/Dockerfile +++ b/docker/dockerfile/fail2ban/Dockerfile 
@@ -1,5 +1,57 @@ -FROM crazymax/fail2ban:latest +# syntax=docker/dockerfile:1 + +ARG FAIL2BAN_VERSION=HEAD +ARG ALPINE_VERSION=3.18 + +FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS fail2ban-src +RUN apk add --no-cache git +WORKDIR /src/fail2ban +RUN git init . && git remote add origin "https://github.com/Honeybrain/fail2ban.git" +ARG FAIL2BAN_VERSION +RUN git fetch origin "${FAIL2BAN_VERSION}" && git checkout -q FETCH_HEAD + +FROM alpine:${ALPINE_VERSION} +RUN --mount=from=fail2ban-src,source=/src/fail2ban,target=/tmp/fail2ban,rw \ + apk --update --no-cache add \ + bash \ + curl \ + docker-cli \ + geoip \ + grep \ + ipset \ + iptables \ + ip6tables \ + kmod \ + nftables \ + openssh-client-default \ + python3 \ + ssmtp \ + tzdata \ + wget \ + whois \ + && apk --update --no-cache add -t build-dependencies \ + build-base \ + py3-pip \ + py3-setuptools \ + python3-dev \ + && pip3 install --no-cache-dir --upgrade pip \ + && pip3 install --no-cache-dir dnspython3 pyinotify \ + && cd /tmp/fail2ban \ + && 2to3 -w --no-diffs bin/* fail2ban \ + && python3 setup.py install --without-tests \ + && apk del build-dependencies \ + && rm -rf /etc/fail2ban/jail.d /root/.cache + +COPY entrypoint.sh /entrypoint.sh + +ENV TZ="UTC" + +VOLUME [ "/data" ] USER root -RUN apk add --no-cache docker-cli \ No newline at end of file +ENTRYPOINT [ "/entrypoint.sh" ] +CMD [ "fail2ban-server", "-f", "-x", "-v", "start" ] + +HEALTHCHECK --interval=10s --timeout=5s \ + CMD fail2ban-client ping || exit 1 \ No newline at end of file diff --git a/docker/dockerfile/fail2ban/docker-bake.hcl b/docker/dockerfile/fail2ban/docker-bake.hcl new file mode 100644 index 0000000..98c53fb --- /dev/null +++ b/docker/dockerfile/fail2ban/docker-bake.hcl 
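Review bot: The `fail2ban-src` stage fetches the Honeybrain fork at `ARG FAIL2BAN_VERSION=HEAD` and checks out `FETCH_HEAD`, so what ends up in the image is whatever that fork's default branch holds at build time and cannot be reproduced or audited afterwards; pin a commit, e.g. `ARG FAIL2BAN_VERSION=<commit-sha-of-reviewed-fork-state>` (placeholder), and pin `dnspython3` and `pyinotify` in the `pip3 install` line as well. The `2to3 -w --no-diffs bin/* fail2ban` step depends on `lib2to3`, which was removed in Python 3.13, so bumping `ALPINE_VERSION` to a release that ships a newer Python will break this layer. The final stage keeps the `USER root` context line; fail2ban needs netfilter access so that may be deliberate, but a one-line comment saying so would stop the next reviewer from flagging it. Patch 3 of this series deletes all of this again in favour of `crazymax/fail2ban:latest`, so these points only matter if the source build is reinstated.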
@@ -0,0 +1,35 @@ +variable "DEFAULT_TAG" { + default = "fail2ban:local" +} + +// Special target: https://github.com/docker/metadata-action#bake-definition +target "docker-metadata-action" { + tags = ["${DEFAULT_TAG}"] +} + +// Default target if none specified +group "default" { + targets = ["image-local"] +} + +target "image" { + inherits = ["docker-metadata-action"] +} + +target "image-local" { + inherits = ["image"] + output = ["type=docker"] +} + +target "image-all" { + inherits = ["image"] + platforms = [ + "linux/386", + "linux/amd64", + "linux/arm/v6", + "linux/arm/v7", + "linux/arm64", + "linux/ppc64le", + "linux/s390x" + ] +} \ No newline at end of file diff --git a/docker/dockerfile/fail2ban/entrypoint.sh b/docker/dockerfile/fail2ban/entrypoint.sh new file mode 100644 index 0000000..2412b55 --- /dev/null +++ b/docker/dockerfile/fail2ban/entrypoint.sh 
@@ -0,0 +1,104 @@ +#!/bin/bash + +TZ=${TZ:-UTC} + +F2B_LOG_TARGET=${F2B_LOG_TARGET:-STDOUT} +F2B_LOG_LEVEL=${F2B_LOG_LEVEL:-INFO} +F2B_DB_PURGE_AGE=${F2B_DB_PURGE_AGE:-1d} + +SSMTP_PORT=${SSMTP_PORT:-25} +SSMTP_HOSTNAME=${SSMTP_HOSTNAME:-$(hostname -f)} +SSMTP_TLS=${SSMTP_TLS:-NO} +SSMTP_STARTTLS=${SSMTP_STARTTLS:-NO} + +# From https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh#L21-L41 +# usage: file_env VAR [DEFAULT] +# ie: file_env 'XYZ_DB_PASSWORD' 'example' +# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of +# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +# Timezone +echo "Setting timezone to ${TZ}..." +ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime +echo ${TZ} > /etc/timezone + +# SSMTP +file_env 'SSMTP_PASSWORD' +echo "Setting SSMTP configuration..." +if [ -z "$SSMTP_HOST" ] ; then + echo "WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails" +else + cat > /etc/ssmtp/ssmtp.conf <> /etc/ssmtp/ssmtp.conf < Date: Wed, 3 Jan 2024 15:57:50 +0100 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=90=9B=20Fix=20build=20+=20add=20geoh?= =?UTF-8?q?ostsdeny=20to=20jail?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/fail2ban/action.d/geohostsdeny.conf | 58 ++++++++++++++++++++++ config/fail2ban/jail.d/jail.local | 3 ++ scripts/auto_update_vps.sh | 0 scripts/check_setup.sh | 2 +- 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 config/fail2ban/action.d/geohostsdeny.conf mode change 100755 => 100644 scripts/auto_update_vps.sh 
diff --git a/config/fail2ban/action.d/geohostsdeny.conf b/config/fail2ban/action.d/geohostsdeny.conf new file mode 100644 index 0000000..ded721a --- /dev/null +++ b/config/fail2ban/action.d/geohostsdeny.conf @@ -0,0 +1,58 @@ +[Definition] + +# Option: actionstart +# Notes.: command executed once at the start of Fail2Ban. +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed once at the end of Fail2Ban +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Excludes PH|Philippines from banning. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionban = IP= && + geoiplookup $IP | egrep "" || + (printf %%b ": $IP\n" >> ) + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: See jail.conf(5) man page +# Values: CMD +# +actionunban = IP= && sed -i.old /ALL:\ $IP/d + +[Init] + +# Option: country_list +# Notes.: List of banned countries separated by pipe "|" +# Values: STR Default: +# +country_list = PH|Philippines + +# Option: file +# Notes.: hosts.deny file path. +# Values: STR Default: /etc/hosts.deny +# +file = /etc/hosts.deny + +# Option: daemon_list +# Notes: The list of services that this action will deny. See the man page +# for hosts.deny/hosts_access. Default is all services. +# Values: STR Default: ALL +daemon_list = ALL diff --git a/config/fail2ban/jail.d/jail.local b/config/fail2ban/jail.d/jail.local index c299033..c0ff684 100644 --- a/config/fail2ban/jail.d/jail.local +++ b/config/fail2ban/jail.d/jail.local 
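Review bot: The `actionban` command only appends to hosts.deny when `geoiplookup $IP | egrep "<country_list>"` finds no match (the tag is stripped in this rendering), so the countries in `country_list` are the ones exempted from banning; that agrees with the `[Definition]` comment `Excludes PH|Philippines from banning` but contradicts the `[Init]` comment `List of banned countries separated by pipe "|"`, and patch 3 (titled "Block country", changing the value to `PH` in its `@@ -43,7` hunk) reads it the second way. If the intent is to ban only the listed countries, invert the test, e.g. `geoiplookup $IP | egrep -q "<country_list>" && (printf %%b "<daemon_list>: $IP\n" >> <file>)`, and fix whichever comment is wrong. With no GeoIP database installed every lookup fails, and the current `||` form then writes every banned IP regardless of country while the inverted form writes none, so `actioncheck` should verify the database is readable to make that failure mode visible. `actionunban` also hard-codes `ALL:` in its `sed` pattern while `actionban` writes `<daemon_list>:`, so a non-default `daemon_list` leaves stale entries behind.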
@@ -19,6 +19,9 @@ findtime = 600 # How many attempts can be made before a ban is imposed maxretry = 3 +# Define the banaction globally if you want all jails to use the geohostsdeny action +banaction = geohostsdeny + [iptables-honeypot] enabled = true port = all diff --git a/scripts/auto_update_vps.sh b/scripts/auto_update_vps.sh old mode 100755 new mode 100644 diff --git a/scripts/check_setup.sh b/scripts/check_setup.sh index 1f89c24..47d6e85 100644 --- a/scripts/check_setup.sh +++ b/scripts/check_setup.sh @@ -72,4 +72,4 @@ if ! python3 -c "import jinja2" &> /dev/null; then echo "❌ Error: jinja2 is not installed for python3. Please install 'jinja2' pip3 package." exit 1 fi -echo "✅ jinja2 is installed." \ No newline at end of file +echo "✅ jinja2 is installed." From c97a71738c842a390de0ee384f1e0c9808525b03 Mon Sep 17 00:00:00 2001 From: valentinbreiz Date: Wed, 3 Jan 2024 16:27:11 +0100 Subject: [PATCH 3/3] =?UTF-8?q?=E2=9C=A8=20Block=20country?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/fail2ban/action.d/geohostsdeny.conf | 3 +- docker/compose/docker-compose.yml | 1 + docker/dockerfile/fail2ban/Dockerfile | 57 +---------- docker/dockerfile/fail2ban/docker-bake.hcl | 35 ------- docker/dockerfile/fail2ban/entrypoint.sh | 104 --------------------- 5 files changed, 6 insertions(+), 194 deletions(-) delete mode 100644 docker/dockerfile/fail2ban/docker-bake.hcl delete mode 100644 docker/dockerfile/fail2ban/entrypoint.sh diff --git a/config/fail2ban/action.d/geohostsdeny.conf b/config/fail2ban/action.d/geohostsdeny.conf index ded721a..a2f3ad7 100644 --- a/config/fail2ban/action.d/geohostsdeny.conf +++ b/config/fail2ban/action.d/geohostsdeny.conf @@ -43,7 +43,7 @@ actionunban = IP= && sed -i.old /ALL:\ $IP/d # Notes.: List of banned countries separated by pipe "|" # Values: STR Default: # -country_list = PH|Philippines +country_list = PH # Option: file # Notes.: hosts.deny file path. 
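Review bot: Setting `banaction = geohostsdeny` in the global section swaps the ban mechanism for every jail, including `[iptables-honeypot]`, from a netfilter rule to an `/etc/hosts.deny` entry; hosts.deny is only consulted by services linked against tcp_wrappers, so an IP banned by the nginx honeypot filter keeps reaching nginx (and anything else not using libwrap), and inside a container that file is not shared with the host unless it is mounted. If the goal is country-aware banning in addition to the existing block, keep the iptables banaction and add geohostsdeny as a second entry on the jail's `action =` setting instead of replacing `banaction` globally; I cannot see which banaction the jails used before this change, so confirm against the full jail.local. The comment `if you want all jails to use the geohostsdeny action` makes the change sound optional when it is now the default for every jail in this file.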
@@ -56,3 +56,4 @@ file = /etc/hosts.deny # for hosts.deny/hosts_access. Default is all services. # Values: STR Default: ALL daemon_list = ALL + \ No newline at end of file diff --git a/docker/compose/docker-compose.yml b/docker/compose/docker-compose.yml index 72cff61..925a7ca 100644 --- a/docker/compose/docker-compose.yml +++ b/docker/compose/docker-compose.yml @@ -89,6 +89,7 @@ services: - "../../logs/suricata/fast.log:/app/honeypot/fast.log" - "../../config/suricata/suricata.rules:/app/honeypot/suricata.rules" - "../../config/fail2ban/filter.d/nginx-honeypot.conf:/app/honeypot/nginx-honeypot.conf" + - "../../config/fail2ban/action.d/geohostsdeny.conf:/app/honeypot/geohostsdeny.conf" - "../../config/nginx/block.conf:/app/honeypot/block.conf" - "/var/run/docker.sock:/var/run/docker.sock" healthcheck: diff --git a/docker/dockerfile/fail2ban/Dockerfile b/docker/dockerfile/fail2ban/Dockerfile index efa8a1c..d94a74c 100644 --- a/docker/dockerfile/fail2ban/Dockerfile +++ b/docker/dockerfile/fail2ban/Dockerfile 
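Review bot: The new bind mount places `geohostsdeny.conf` at `/app/honeypot/geohostsdeny.conf`, while fail2ban resolves `banaction = geohostsdeny` from its `action.d/` directory; nothing in this series shows that path being copied into the fail2ban container, so unless the application under `/app/honeypot` installs it the same way it presumably does for `nginx-honeypot.conf`, jails referencing the action will fail to load. If the application only reads the file, mount it `:ro`. If it edits it (the `protos/blacklist.proto` change listed in patch 1's diffstat suggests a country-block API), keep in mind that this file is a shell command template executed by fail2ban as root: any value written into `country_list` must be restricted to an allowlist such as `[A-Z|]` before it lands inside the `egrep "<country_list>"` quotes.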
@@ -1,57 +1,6 @@ -# syntax=docker/dockerfile:1 - -ARG FAIL2BAN_VERSION=HEAD -ARG ALPINE_VERSION=3.18 - -FROM --platform=$BUILDPLATFORM alpine:${ALPINE_VERSION} AS fail2ban-src -RUN apk add --no-cache git -WORKDIR /src/fail2ban -RUN git init . && git remote add origin "https://github.com/Honeybrain/fail2ban.git" -ARG FAIL2BAN_VERSION -RUN git fetch origin "${FAIL2BAN_VERSION}" && git checkout -q FETCH_HEAD - -FROM alpine:${ALPINE_VERSION} -RUN --mount=from=fail2ban-src,source=/src/fail2ban,target=/tmp/fail2ban,rw \ - apk --update --no-cache add \ - bash \ - curl \ - docker-cli \ - geoip \ - grep \ - ipset \ - iptables \ - ip6tables \ - kmod \ - nftables \ - openssh-client-default \ - python3 \ - ssmtp \ - tzdata \ - wget \ - whois \ - && apk --update --no-cache add -t build-dependencies \ - build-base \ - py3-pip \ - py3-setuptools \ - python3-dev \ - && pip3 install --no-cache-dir --upgrade pip \ - && pip3 install --no-cache-dir dnspython3 pyinotify \ - && cd /tmp/fail2ban \ - && 2to3 -w --no-diffs bin/* fail2ban \ - && python3 setup.py install --without-tests \ - && apk del build-dependencies \ - && rm -rf /etc/fail2ban/jail.d /root/.cache - -COPY entrypoint.sh /entrypoint.sh - -ENV TZ="UTC" - -VOLUME [ "/data" ] +FROM crazymax/fail2ban:latest USER root -ENTRYPOINT [ "/entrypoint.sh" ] -CMD [ "fail2ban-server", "-f", "-x", "-v", "start" ] - -HEALTHCHECK --interval=10s --timeout=5s \ - CMD fail2ban-client ping || exit 1 \ No newline at end of file +RUN apk add --no-cache docker-cli +RUN apk add --no-cache geoip \ No newline at end of file diff --git a/docker/dockerfile/fail2ban/docker-bake.hcl b/docker/dockerfile/fail2ban/docker-bake.hcl deleted file mode 100644 index 98c53fb..0000000 --- a/docker/dockerfile/fail2ban/docker-bake.hcl +++ /dev/null 
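Review bot: `FROM crazymax/fail2ban:latest` is an unpinned base that this commit restores, so the root-running fail2ban image (`USER root`) changes underneath every rebuild; pin a tag and digest, e.g. `FROM crazymax/fail2ban:<version>@sha256:<digest>` (placeholders). The two package installs belong in one layer, `RUN apk add --no-cache docker-cli geoip`, as the Dockerfile this commit removes already did. The Alpine `geoip` package supplies `geoiplookup` but I do not see a GeoIP country database being added anywhere; without one every lookup fails and, with the `||` form of geohostsdeny's `actionban`, every banned IP is written to hosts.deny regardless of country — confirm a database is present at the path `geoiplookup` expects (typically `/usr/share/GeoIP/`) or add it to the image.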
@@ -1,35 +0,0 @@ -variable "DEFAULT_TAG" { - default = "fail2ban:local" -} - -// Special target: https://github.com/docker/metadata-action#bake-definition -target "docker-metadata-action" { - tags = ["${DEFAULT_TAG}"] -} - -// Default target if none specified -group "default" { - targets = ["image-local"] -} - -target "image" { - inherits = ["docker-metadata-action"] -} - -target "image-local" { - inherits = ["image"] - output = ["type=docker"] -} - -target "image-all" { - inherits = ["image"] - platforms = [ - "linux/386", - "linux/amd64", - "linux/arm/v6", - "linux/arm/v7", - "linux/arm64", - "linux/ppc64le", - "linux/s390x" - ] -} \ No newline at end of file diff --git a/docker/dockerfile/fail2ban/entrypoint.sh b/docker/dockerfile/fail2ban/entrypoint.sh deleted file mode 100644 index 2412b55..0000000 --- a/docker/dockerfile/fail2ban/entrypoint.sh +++ /dev/null 
@@ -1,104 +0,0 @@ -#!/bin/bash - -TZ=${TZ:-UTC} - -F2B_LOG_TARGET=${F2B_LOG_TARGET:-STDOUT} -F2B_LOG_LEVEL=${F2B_LOG_LEVEL:-INFO} -F2B_DB_PURGE_AGE=${F2B_DB_PURGE_AGE:-1d} - -SSMTP_PORT=${SSMTP_PORT:-25} -SSMTP_HOSTNAME=${SSMTP_HOSTNAME:-$(hostname -f)} -SSMTP_TLS=${SSMTP_TLS:-NO} -SSMTP_STARTTLS=${SSMTP_STARTTLS:-NO} - -# From https://github.com/docker-library/mariadb/blob/master/docker-entrypoint.sh#L21-L41 -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - echo >&2 "error: both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# Timezone -echo "Setting timezone to ${TZ}..." -ln -snf /usr/share/zoneinfo/${TZ} /etc/localtime -echo ${TZ} > /etc/timezone - -# SSMTP -file_env 'SSMTP_PASSWORD' -echo "Setting SSMTP configuration..." -if [ -z "$SSMTP_HOST" ] ; then - echo "WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails" -else - cat > /etc/ssmtp/ssmtp.conf <> /etc/ssmtp/ssmtp.conf <