DLNA Errors; jellyfin's documentation for fail2ban is false and not working

[Tone]

Looks like I could solve it with adding this to my docker file:

Code:

cap_add:
      - NET_BROADCAST

BUT
I noticed my original problem is still there (fail2ban doesn't work).
I know this is a jellyfin forum and not fail2ban, but the offical jellyfin documention provides a fail2ban filter and this is painfully slow (at least on my system).

This is my filter:

Code:

│$ cat /etc/fail2ban/filter.d/jellyfin.conf

[Definition]
failregex = ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.

And thats how long f2b need for 600 lines:

Code:

fail2ban-regex /var/lib/jellyfin/config/log/log_20251024.log "/etc/fail2ban/filter.d/jellyfin.conf" --print-all-matched


Running tests
=============

Use  failregex filter file : jellyfin, basedir: /etc/fail2ban
Use        log file : /var/lib/jellyfin/config/log/log_20251024.log
Use        encoding : UTF-8


Results
=======

Failregex: 1 total
|-  #) [# of hits] regular expression
|  1) [1] ^.*Authentication request for .* has been denied \(IP: "<ADDR>"\)\.
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [317] {^LN-BEG}ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
|  [1] ExYear(?P<_sep>[-/.])Month(?P=_sep)Day(?:T|  ?)24hour:Minute:Second(?:[.,]Microseconds)?(?:\s*Zone offset)?
`-

Lines: 604 lines, 0 ignored, 1 matched, 603 missed
[processed in 79.86 sec]

|- Matched line(s):
|  [2025-10-24 07:59:19.118 +00:00] [INF] [56] Jellyfin.Server.Implementations.Users.UserManager: Authentication request for "erg" has been denied (IP: "192.168.10.146").
`-
Missed line(s): too many to print.  Use --print-all-missed to print all 603 lines

80 seconds!!

in comparison I tested the apache-auth filter:

Code:

fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf --print-all-matched


Running tests
=============

Use  failregex filter file : apache-auth, basedir: /etc/fail2ban
Use      datepattern : {^LN-BEG} : Default Detectors
Use        log file : /var/log/apache2/error.log
Use        encoding : UTF-8


Results
=======

Prefregex: 101 total
|  ^\[\]\s\[(:?error|(?!evasive)\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (?:\[?(?:(?:::f{4,6}:)?(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<ip6>(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P<dns>[\w\-.^_]*\w))(:\d{1,5})?\] (?:AH\d+: )?(?P<content>.+)$
`-

Failregex: 79 total
|-  #) [# of hits] regular expression
|  1) [79] ^client (?:denied by server configuration|used wrong authentication scheme)\b
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [107] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-

Lines: 107 lines, 0 ignored, 79 matched, 28 missed
[processed in 0.01 sec]

Ok, just 100 line and not 600, but 0.01s vs 80s!

Looks like something is wrong here.



EDIT:
I completly removed my old logs and now it works fine. But my fail2ban-problem is still there.

But I think I finally found the reason, but still investigating how to fix it.

Code:

fail2ban-client status jellyfin

Status for the jail: jellyfin
|- Filter
|  |- Currently failed: 0
|  |- Total failed:    21
|  `- File list:        /var/lib/jellyfin/config/log/log_20251019.log /var/lib/jellyfin/config/log/log_20251018.log /var/lib/jellyfin/config/log/log_20251020.log
`- Actions
  |- Currently banned: 0
  |- Total banned:    1
  `- Banned IP list:

f2b does not update the file list. See, last file is log_20251020.log. but in reality my last log is log_20251024.log