Hello,
I’ve been trying to harden my security around the Vaultwarden instance and am currently unable to get the iptables working. The ban on Cloudflare’s side is working fine, although for some reason the iptables will never block the requests.
I have the following action defined to block the connection, since CF’s firewalls need a bit longer to update and block the connection.
[Definition]
actionban = ip6tables -I INPUT -m string --algo bm --string 'Cf-Connecting-Ip: <ip>' -j DROP
actionunban = ip6tables -D INPUT -m string --algo bm --string 'Cf-Connecting-Ip: <ip>' -j DROP
This definition triggers and is set in the iptables, but it doesn’t block the attacker IP; they are able to continue the brute force until the firewall is updated on CF’s end and blocks the connection. There are no error logs indicating that something is misconfigured, and the IP in the iptables is also correct.
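
A way to check whether the ban rules above ever match a packet, as an added example that is not part of the original post: it reads the per-rule packet counters from `ip6tables-save -c` output. The sample output is constructed, and `string_rules` and `never_matched` are hypothetical helper names.

```python
import re
import shlex

# Constructed sample of `ip6tables-save -c` output (documentation-prefix addresses).
SAMPLE = """\
*filter
:INPUT ACCEPT [1200:96000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [900:72000]
[0:0] -A INPUT -m string --string "Cf-Connecting-Ip: 2001:db8::bad" --algo bm --to 65535 -j DROP
[14:1120] -A INPUT -s 2001:db8::5/128 -j DROP
[0:0] -A INPUT -m string --string "Cf-Connecting-Ip: 2001:db8::c0de" --algo bm --to 65535 -j DROP
COMMIT
"""

# "[packets:bytes] -A CHAIN rule-spec" is how iptables-save -c prints each rule.
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")


def string_rules(save_output):
    """Return one dict per rule that uses the string match, with its counters."""
    found = []
    for line in save_output.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # table header, chain policy or COMMIT line
        pkts, _nbytes, chain, spec = m.groups()
        args = shlex.split(spec)  # keeps the quoted header text as one token
        if "--string" not in args:
            continue
        pattern = args[args.index("--string") + 1]
        target = args[args.index("-j") + 1] if "-j" in args else "-"
        found.append({"chain": chain, "pattern": pattern,
                      "target": target, "packets": int(pkts)})
    return found


def never_matched(save_output):
    """Patterns of string-match rules whose packet counter is still zero."""
    return [r["pattern"] for r in string_rules(save_output) if r["packets"] == 0]


if __name__ == "__main__":
    # On a live host, feed the real output of `ip6tables-save -c` instead of SAMPLE.
    for r in string_rules(SAMPLE):
        state = "never matched" if r["packets"] == 0 else f"{r['packets']} packets"
        print(f"{r['chain']:8} {r['target']:5} {state:14} {r['pattern']!r}")
```

A counter that stays at zero while the requests keep arriving means no packet on that chain carried the header text in cleartext, for example because the connection from Cloudflare to the origin is TLS-encrypted or the traffic does not traverse `INPUT`.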