[BUG] IPs are banned but can still access the server/apps

[ngthwi]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

IPs are banned but can still access the server/apps.

There are errors in fail2ban.log

2024-04-24 07:40:57,607 fail2ban.utils          [756]: ERROR   7fe721dda3a0 -- exec: { iptables -w -C f2b-bitwarden -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-bitwarden || true; iptables -w -A f2b-bitwarden -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-bitwarden >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-bitwarden; }
done
2024-04-24 07:40:57,607 fail2ban.utils          [756]: ERROR   7fe721dda3a0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-04-24 07:40:57,608 fail2ban.utils          [756]: ERROR   7fe721dda3a0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-04-24 07:40:57,608 fail2ban.utils          [756]: ERROR   7fe721dda3a0 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-04-24 07:40:57,608 fail2ban.utils          [756]: ERROR   7fe721dda3a0 -- returned 4
2024-04-24 07:40:57,608 fail2ban.actions        [756]: ERROR   Failed to execute ban jail 'bitwarden' action 'iptables-allports' info 'ActionInfo({'ip': 'xxx.xxx.xxx.xxx', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7fe721dce480>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7fe721dcec00>})': Error starting action Jail('bitwarden')/iptables-allports: 'Script error'

Expected Behavior

A banned IP shouldn't be able to access the server.

Steps To Reproduce

1. Access my bitwarden instance
2. Do 3 unsuccessful login attempts (max retry is 3 in jail.local
3. Bitwarden is still accessible

Tried also to override fail2ban/action.d/iptables.conf with a 'iptables.local` (from sosandroid/docker-fail2ban-synology) containing but it doesn't work either:

[Init]
blocktype = DROP
[Init?family=inet6]
blocktype = DROP

Environment

- OS: Synology DSM 7.2
- How docker service was installed: package manager
- swag container is on a macvlan and the logged IPs are the "real" ones

CPU architecture

x86-64

Docker creation

version: "2"

services:
  swag:
    image: linuxserver/swag
    container_name: swag
    cap_add:
      - NET_ADMIN
    labels:
      - com.centurylinklabs.watchtower.enable=true
    environment:
      - PUID=xxx
      - PGID=xxx
      - TZ=xxx/xxx
      - DOCKER_MODS=linuxserver/mods:swag-dashboard|linuxserver/mods:swag-dbip
      - URL=mydomain.duckdns.org
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN=duckdns
      - EMAIL=
    volumes:
      - /volume1/docker/swag/config:/config
      - /volume1/docker/swag/tmp:/var/lib/nginx/tmp
    restart: unless-stopped
    networks:
      mymacvlan-network:
        ipv4_address: 192.168.xxx.xxx

networks:
   mymacvlan-network:
      external: true

Container logs

[mod-init] Running Docker Modification Logic
[mod-init] Adding linuxserver/mods:swag-dashboard to container
[mod-init] linuxserver/mods:swag-dashboard at sha256:71c6dd5d43e9202721c5d880ad7ffde14c610f45266ca74044464c2b6e4cc07d has been previously applied skipping
[mod-init] Adding linuxserver/mods:swag-dbip to container
[mod-init] linuxserver/mods:swag-dbip at sha256:030971d1da84c696a68f83198102981bef5c9a37aa54666e48915723ecd50a70 has been previously applied skipping
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────
      ██╗     ███████╗██╗ ██████╗
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝
   Brought to you by linuxserver.io
───────────────────────────────────────
To support the app dev(s) visit:
Certbot: https://supporters.eff.org/donate/support-work-on-certbot
To support LSIO projects visit:
https://www.linuxserver.io/donate/
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID:    xxx
User GID:    xxx
───────────────────────────────────────
using keys found in /config/keys
Variables set:
�
7
PGID=xxx
TZ=xxx/xxx
URL=mydomain.duckdns.org
SUBDOMAINS=wildcard
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
VALIDATION=dns
CERTPROVIDER=
DNSPLUGIN=duckdns
EMAIL=
STAGING=
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use www.subdomain.duckdns.org
Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Wildcard cert for mydomain.duckdns.org will be requested
No e-mail address entered or address invalid
dns validation via duckdns plugin is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
Applying the dbip mod...
**** Applying the SWAG dashboard mod... ****
Applied the dbip mod
**** goaccess already installed, skipping ****
**** libmaxminddb already installed, skipping ****
**** Applied the SWAG dashboard mod ****
[custom-init] No custom files found, skipping...
[ls.io-init] done.
�
Server ready

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[j0nnymoe]

This might be out of our control as it does depend on some packages within the Host OS itself. Would need to do some testing.

[ngthwi]

It seems there's a fix (or potential pull request) by using iptables-legacy see. https://github.com/crazy-max/docker-fail2ban

[piciuok]

Same problems on latest QTS 5.1 Qnap firmware.
Before i migrate to swag i was using crazy-max package and all works fine

[Sebboost1]

Same for me, Synology (BSD?) host have an issue with new iptable. Can you implement Environment variables for choose between new or legacy Iptables please?

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[marblepebble]

I was hitting the same issue, and made a PR. I'm using my version on my Qnap and it's working for me now.

(PS. Maybe making a PR for an issue should count as "activity"?)

[Sebboost1]

Hello.
I have always this bug:

2024-07-21 16:58:16,309 fail2ban.actions        [830]: NOTICE  [nginx-unauthorized] Restore Ban 78.XXX.XXX.XXX
2024-07-21 16:58:16,634 fail2ban.utils          [830]: ERROR   7f3135685a30 -- exec: { iptables -w -C f2b-nginx-unauthorized -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nginx-unauthorized || true; iptables -w -A f2b-nginx-unauthorized -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-nginx-unauthorized >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-nginx-unauthorized; }
done
2024-07-21 16:58:16,634 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:16,634 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:16,634 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:16,635 fail2ban.utils          [830]: ERROR   7f3135685a30 -- returned 4
2024-07-21 16:58:16,635 fail2ban.actions        [830]: ERROR   Failed to execute ban jail 'nginx-unauthorized' action 'iptables-allports-modif' info 'ActionInfo({'ip': '78.243.250.207', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f31356adb20>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f31356ae2a0>})': Error starting action Jail('nginx-unauthorized')/iptables-allports-modif: 'Script error'
2024-07-21 16:58:29,367 fail2ban.filter         [830]: INFO    [nginx-unauthorized] Found 78.XXX.XXX.XXX - 2024-07-21 16:58:29
2024-07-21 16:58:32,571 fail2ban.filter         [830]: INFO    [nginx-unauthorized] Found 78.XXX.XXX.XXX - 2024-07-21 16:58:32
2024-07-21 16:58:35,174 fail2ban.filter         [830]: INFO    [nginx-unauthorized] Found 78.XXX.XXX.XXX - 2024-07-21 16:58:34
2024-07-21 16:58:39,179 fail2ban.filter         [830]: INFO    [nginx-unauthorized] Found 78.XXX.XXX.XXX - 2024-07-21 16:58:38
2024-07-21 16:58:39,250 fail2ban.actions        [830]: NOTICE  [nginx-unauthorized] Ban 78.XXX.XXX.XXX
2024-07-21 16:58:39,264 fail2ban.utils          [830]: ERROR   7f3135685a30 -- exec: { iptables -w -C f2b-nginx-unauthorized -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-nginx-unauthorized || true; iptables -w -A f2b-nginx-unauthorized -j RETURN; }
for proto in $(echo 'tcp' | sed 's/,/ /g'); do
{ iptables -w -C INPUT -p $proto -j f2b-nginx-unauthorized >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -j f2b-nginx-unauthorized; }
done
2024-07-21 16:58:39,265 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:39,265 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:39,265 fail2ban.utils          [830]: ERROR   7f3135685a30 -- stderr: 'iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument'
2024-07-21 16:58:39,265 fail2ban.utils          [830]: ERROR   7f3135685a30 -- returned 4
2024-07-21 16:58:39,265 fail2ban.actions        [830]: ERROR   Failed to execute ban jail 'nginx-unauthorized' action 'iptables-allports-modif' info 'ActionInfo({'ip': '78.XXX.XXX.XXX', 'family': 'inet4', 'fid': <function Actions.ActionInfo.<lambda> at 0x7f31356adb20>, 'raw-ticket': <function Actions.ActionInfo.<lambda> at 0x7f31356ae2a0>})': Error starting action Jail('nginx-unauthorized')/iptables-allports-modif: 'Script error'

new iptables "v1.8.X" don't support BSD host and atlernative of BSD host (like DSM Os or Qnap OS). We need an argument for choose between legacy iptables and nf iptables like crazymax fail2ban container.

Swag 2.7.4 work always but don't refresh SSL cert.

[Sebboost1]

Solution found for Synology DSM 7.2 (and other alternate Linux BSD) .

1. Re-Install Iptables-legacy on your Swag Apline docker:
   Enter this command in terminal:
   apk add iptables-legacy
   (You must repeat this action each update of swag)

2. I copy my file \config\fail2ban\action.d\iptables.conf and rename to iptables-legacy.conf
   I change the content by (All "iptables" are replace by "iptables-legacy" and blocktype is changed by DROP because REJECT use ICMP packet, not allowed by host ) :

# Fail2Ban configuration file
#
# Authors: Sergey G. Brester (sebres), Cyril Jaquier, Daniel Black, 
#          Yaroslav O. Halchenko, Alexander Koeppe et al.
#

[Definition]

# Option:  type
# Notes.:  type of the action.
# Values:  [ oneport | multiport | allports ]  Default: oneport
#
type = oneport

# Option:  actionflush
# Notes.:  command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action)
# Values:  CMD
#
actionflush = <iptables-legacy> -F f2b-<name>

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart = { <iptables-legacy> -C f2b-<name> -j <returntype> >/dev/null 2>&1; } || { <iptables-legacy> -N f2b-<name> || true; <iptables-legacy> -A f2b-<name> -j <returntype>; }
              <_ipt_add_rules>

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
actionstop = <_ipt_del_rules>
             <actionflush>
             <iptables-legacy> -X f2b-<name>

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck = <_ipt_check_rules>

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = <iptables-legacy> -I f2b-<name> 1 -s <ip> -j <blocktype>

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban = <iptables-legacy> -D f2b-<name> -s <ip> -j <blocktype>

# Option:  pre-rule
# Notes.:  prefix parameter(s) inserted to the begin of rule. No default (empty)
#
pre-rule =

rule-jump = -j <_ipt_rule_target>

# Several capabilities used internaly:

_ipt_for_proto-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
_ipt_for_proto-done = done

_ipt_add_rules = <_ipt_for_proto-iter>
              { %(_ipt_check_rule)s >/dev/null 2>&1; } || { <iptables-legacy> -I <chain> %(_ipt_chain_rule)s; }
              <_ipt_for_proto-done>

_ipt_del_rules = <_ipt_for_proto-iter>
              <iptables-legacy> -D <chain> %(_ipt_chain_rule)s
              <_ipt_for_proto-done>

_ipt_check_rules = <_ipt_for_proto-iter>
              %(_ipt_check_rule)s
              <_ipt_for_proto-done>

_ipt_chain_rule = <pre-rule><ipt_<type>/_chain_rule>
_ipt_check_rule = <iptables-legacy> -C <chain> %(_ipt_chain_rule)s
_ipt_rule_target = f2b-<name>

[ipt_oneport]

_chain_rule = -p $proto --dport <port> <rule-jump>

[ipt_multiport]

_chain_rule = -p $proto -m multiport --dports <port> <rule-jump>

[ipt_allports]

_chain_rule = -p $proto <rule-jump>


[Init]

# Option:  chain
# Notes    specifies the iptables-legacy chain to which the Fail2Ban rules should be
#          added
# Values:  STRING  Default: INPUT
chain = INPUT

# Default name of the chain
#
name = default

# Option:  port
# Notes.:  specifies port to monitor
# Values:  [ NUM | STRING ]  Default:
#
port = ssh

# Option:  protocol
# Notes.:  internally used by config reader for interpolations.
# Values:  [ tcp | udp | icmp | all ] Default: tcp
#
protocol = tcp

# Option:  blocktype
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables-legacy man page (section 8). Common values are DROP
#          REJECT, REJECT --reject-with icmp-port-unreachable
# Values:  STRING
blocktype = DROP

# Option:  returntype
# Note:    This is the default rule on "actionstart". This should be RETURN
#          in all (blocking) actions, except REJECT in allowing actions.
# Values:  STRING
returntype = RETURN

# Option:  lockingopt
# Notes.:  Option was introduced to iptables-legacy to prevent multiple instances from
#          running concurrently and causing irratic behavior.  -w was introduced
#          in iptables-legacy 1.4.20, so might be absent on older systems
#          See https://github.com/fail2ban/fail2ban/issues/1122
# Values:  STRING
lockingopt = -w

# Option:  iptables-legacy
# Notes.:  Actual command to be executed, including common to all calls options
# Values:  STRING
iptables-legacy = iptables-legacy <lockingopt>


[Init?family=inet6]

# Option:  blocktype (ipv6)
# Note:    This is what the action does with rules. This can be any jump target
#          as per the iptables-legacy man page (section 8). Common values are DROP
#          REJECT, REJECT --reject-with icmp6-port-unreachable
# Values:  STRING
blocktype = DROP

# Option:  iptables-legacy (ipv6)
# Notes.:  Actual command to be executed, including common to all calls options
# Values:  STRING
iptables-legacy = ip6tables <lockingopt>

3. I copy this files:
   iptables.conf
   iptables-allports.conf
   iptables-ipset.conf
   iptables-ipset-proto4.conf
   iptables-ipset-proto6.conf
   iptables-ipset-proto6-allports.conf
   iptables-multiport.conf
   iptables-multiport-log.conf
   iptables-new.conf
   iptables-xt_recent-echo.conf

4. Rename copy by:
   iptables-legacy.conf
   iptables-legacy-allports.conf
   iptables-legacy-ipset.conf
   iptables-legacy-ipset-proto4.conf
   iptables-legacy-ipset-proto6.conf
   iptables-legacy-ipset-proto6-allports.conf
   iptables-legacy-multiport.conf
   iptables-legacy-multiport-log.conf
   iptables-legacy-new.conf
   iptables-legacy-xt_recent-echo.conf

5. I must remplace all "iptables" to "iptable-legacy" for coherence on all this new files:
   iptables-legacy.conf
   iptables-legacy-allports.conf
   iptables-legacy-ipset.conf
   iptables-legacy-ipset-proto4.conf
   iptables-legacy-ipset-proto6.conf
   iptables-legacy-ipset-proto6-allports.conf
   iptables-legacy-multiport.conf
   iptables-legacy-multiport-log.conf
   iptables-legacy-new.conf
   iptables-legacy-xt_recent-echo.conf

6. On jail.local
   banaction = iptables-legacy-allports.conf

And now it work for me with the last swag container version on my Synology dsm 7.2

[pXius]

Having the same issue running on UNRAID.

[Sebboost1]

I was hitting the same issue, and made a PR. I'm using my version on my Qnap and it's working for me now.

(PS. Maybe making a PR for an issue should count as "activity"?)

What do you do for it work on your Qnap?

[marblepebble]

What do you do for it work on your Qnap?

I forked the repository, fixed the issue and rebuilt the docker image. I am currently running the image build from my fork on my Qnap.
My repository is at https://github.com/marblepebble/docker-swag if you're desperate, but the pull request has been reviewed so the fix will probably appear in this repository at some point.

[Sebboost1]

What do you do for it work on your Qnap?

I forked the repository, fixed the issue and rebuilt the docker image. I am currently running the image build from my fork on my Qnap. My repository is at https://github.com/marblepebble/docker-swag if you're desperate, but the pull request has been reviewed so the fix will probably appear in this repository at some point.

Thanks for this fork. It's good idead.
I dont know how use it automaticaly on my NAS Syno.
Since today, I enter "add apk iptables-legacy" after each update.

I hope this fix will integrate the linuxserver repos.

[Cr4zyy]

While this has been marked as closed it seems to still have issues for myself after updating.

Linuxserver.io version: 2.11.0-ls316 Build-date: 2024-08-07T12:30:40+00:00

iptables-legacy is present, and being used instead of iptables but I still have access to the hosted pages even after being banned on an ipv4 address. ipv6 however fails at being banned all together.

fail2ban.log

2024-08-07 17:46:00,808 fail2ban.actions [946]: NOTICE [custom] Restore Ban 2a03:::::::****
2024-08-07 17:46:00,813 fail2ban.utils [946]: ERROR 14db59f0c2b0 -- exec: iptables-legacy -w -I f2b-custom 1 -s 2a03:::::::**** -j DROP
2024-08-07 17:46:00,813 fail2ban.utils [946]: ERROR 14db59f0c2b0 -- stderr: "iptables v1.8.10 (legacy): host/network 2a03:****:****:****:****:****:****:****' not found" 2024-08-07 17:46:00,813 fail2ban.utils [946]: ERROR 14db59f0c2b0 -- stderr: "Try iptables -h' or 'iptables --help' for more information."
2024-08-07 17:46:00,813 fail2ban.utils [946]: ERROR 14db59f0c2b0 -- returned 2
2024-08-07 17:46:00,824 fail2ban.utils [946]: ERROR 14db59f0c330 -- exec: iptables-legacy -w -I f2b-custom 1 -s 2a03:::::::**** -j DROP
2024-08-07 17:46:00,824 fail2ban.utils [946]: ERROR 14db59f0c330 -- stderr: "iptables v1.8.10 (legacy): host/network 2a03:****:****:****:****:****:****:****' not found" 2024-08-07 17:46:00,825 fail2ban.utils [946]: ERROR 14db59f0c330 -- stderr: "Try iptables -h' or 'iptables --help' for more information."
2024-08-07 17:46:00,825 fail2ban.utils [946]: ERROR 14db59f0c330 -- returned 2
2024-08-07 17:46:00,825 fail2ban.actions [946]: ERROR Failed to execute ban jail 'custom' action 'iptables-legacy-allports' info 'ActionInfo({'ip': '2a03:::::::', 'family': 'inet6', 'fid': <function Actions.ActionInfo. at 0x14db5a6c63e0>, 'raw-ticket': <function Actions.ActionInfo. at 0x14db5a6c6b60>})': Error banning 2a03:::::::

Meanwhile ipv4 gets banned properly:
2024-08-07 17:51:36,724 fail2ban.filter [946]: INFO [custom] Found 146.***.***.*** - 2024-08-07 17:51:36 2024-08-07 17:51:36,905 fail2ban.actions [946]: NOTICE [custom] Ban 146.***.***.***

But the access.log shows the initial detected entry "banme.php" but access persists

146...*** - - [07/Aug/2024:17:51:36 +0100] "GET /banme.php HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:51:42 +0100] "GET / HTTP/1.1" 200 9420 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:35 +0100] "GET /highslide/graphics/icon.gif HTTP/1.1" 200 867 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:35 +0100] "GET /highslide/graphics/controlbar-text-buttons.png HTTP/1.1" 200 1300 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/loader.white.gif HTTP/1.1" 200 673 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/controlbar-black-border.gif HTTP/1.1" 200 5109 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/closeX.png HTTP/1.1" 200 3665 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/resize.gif HTTP/1.1" 200 70 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/controlbar-white.gif HTTP/1.1" 200 4999 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/controlbar-white-small.gif HTTP/1.1" 200 3151 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/zoomin.cur HTTP/1.1" 200 326 "" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/fullexpand.gif HTTP/1.1" 200 209 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/close.png HTTP/1.1" 200 1910 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"
146...*** - - [07/Aug/2024:17:52:36 +0100] "GET /highslide/graphics/scrollarrows.png HTTP/1.1" 200 6463 "-" "Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0"

Base system is Unraid 6.12.11.

[drizuid]

go on discord or the forum for support, this is a configuration issue, not a container issue. you will need to provide your container logs beginning with our ascii logo and your docker run.