I am searching for a firewall for my self hosted services. It should be conpatible with docker, podman and native running services. I should block clients with to many fauled authentication attempts. It should also support blocklists and be as easy to configure as possible (and foss ofc). I took a short look at fail2ban, but the github docs are just lacking so much information that I was looking for (like how to configure it). CrowdSec lookes not foss enough for me.
Any recommendations? Maybe some fail2ban guide?
Well, it wouldn’t hurt anything to install fail2ban and enable the popular templates, but it sounds like you might need to explain your service layout and how it’s exposed to the web before anyone can suggest a security measure.
Generally in the self-hosted space there are two common approaches: set up a VPN into your network for your trusted devices, or set up a reverse-proxy with a trusted tunneling proxy like cloudflare.
That you are seeing “attack attempts” in your caddy logs should be elaborated as well. What exactly are you seeing?