I didn't succeed in making Cockpit work with my configuration.
Once the script is edited and written,
have it applied at boot by iptables-persistent.
Save the rules with the following commands (I had to do it from the host through the command
lxc exec faminet -- /bin/bash):
iptables-save >/etc/iptables/rules.v4
ip6tables-save >/etc/iptables/rules.v6
Update the iptables config:
dpkg-reconfigure iptables-persistent
service netfilter-persistent save
Activate the service:
service netfilter-persistent reload
####### Fail2ban ######################################################################
fail2ban to protect OPENVPN
HOWTO fail2ban with OpenVPN - Fail2ban
Fail2ban on Debian Buster - the right way to configure? - Server Fault
apt-get install fail2ban
dpkg-reconfigure fail2ban
It requires creating a profile for OpenVPN:
cd /etc/fail2ban/filter.d
sudo nano openvpn.local
Then create and edit a “jail” file:
cd /etc/fail2ban/jail.d
sudo nano LxcFreedomBox-f2b.conf
# → here is the template
/etc/fail2ban/jail.d/LxcFreedomBox.conf
[DEFAULT]
ignoreip = 127.0.0.1 LLL.AAA.NNN.0/24 VVV.PPP.NNN.0/24
findtime = 10m
bantime = 48h
maxretry = 5
[sshd]
enabled = true
port = 22
protocol = tcp
filter = sshd
logpath = /var/log/auth.log
maxretry = 10
[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/openvpn/log
maxretry = 10
[apache-auth]
enabled = true
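As an added illustration (not part of the original post and not fail2ban's own code), this Python sketch shows what the [openvpn] jail above does with findtime = 10m and maxretry = 10: a host is banned once it reaches 10 matching failures inside one 10-minute window. The failure patterns, the file-log timestamp format and the sample lines are assumptions, since the page does not show the contents of openvpn.local.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FINDTIME, MAXRETRY = timedelta(minutes=10), 10  # [DEFAULT] findtime, [openvpn] maxretry

# Assumed failure patterns (the page does not show openvpn.local); fail2ban's
# <HOST> tag is stood in for by a plain IPv4 capture group.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r" TLS Error: incoming packet authentication failed from \[AF_INET\]<HOST>:\d+$",
    r" <HOST>:\d+ TLS Error: TLS handshake failed$",
    r" <HOST>:\d+ TLS Auth Error",
)]
STAMP = "%a %b %d %H:%M:%S %Y"  # assumed 24-character timestamp of an OpenVPN file log

def parse_failure(line):
    """Return (timestamp, host) when the line is an OpenVPN failure, else None."""
    try:
        when = datetime.strptime(line[:24], STAMP)
    except ValueError:
        return None
    for rx in FAILREGEX:
        match = rx.search(line[24:])
        if match:
            return when, match.group("host")
    return None

def hosts_to_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Hosts that reach maxretry failures inside one findtime window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        hit = parse_failure(line.rstrip("\n"))
        if hit is None:
            continue
        when, host = hit
        window = recent[host]
        window.append(when)
        while when - window[0] > findtime:  # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

# Constructed sample: 10 failed handshakes within 9 minutes, plus one normal line.
SAMPLE = [f"Sat Apr 10 20:{m:02d}:00 2021 203.0.113.5:40000 TLS Error: TLS handshake failed"
          for m in range(10)]
SAMPLE.append("Sat Apr 10 20:11:00 2021 198.51.100.7:51000 [client1] Peer Connection Initiated")
```

Calling hosts_to_ban(SAMPLE) returns the one host that crossed the threshold; the same failures spread more than 10 minutes apart never accumulate enough to trigger a ban.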
To make fail2ban work in this “containerized” setup, do the following:
Modify the “backend” parameter in /etc/fail2ban/jail.conf so that Fail2ban can read systemd’s log journals:
backend = systemd
then copy jail.conf
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
and restart fail2ban:
sudo systemctl restart fail2ban
then check
admin@LxcFreedomBox:~$ sudo service fail2ban status
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-04-10 20:32:47 CEST; 31s ago