forked from evolix/ansible-roles
fail2ban: custom ignoreip + add tags
This commit is contained in:
parent
f2d32c4fde
commit
8d4c1f4af5
|
@ -1,3 +1,4 @@
|
||||||
---
|
---
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
fail2ban_alert_email: Null
|
fail2ban_alert_email: Null
|
||||||
|
fail2ban_ignoreip: []
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
- fail2ban
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: custom filters are installed
|
- name: custom filters are installed
|
||||||
|
@ -15,6 +16,8 @@
|
||||||
- dovecot-evolix.conf
|
- dovecot-evolix.conf
|
||||||
- sasl-evolix.conf
|
- sasl-evolix.conf
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
tags:
|
||||||
|
- fail2ban
|
||||||
|
|
||||||
- name: local jail is installed
|
- name: local jail is installed
|
||||||
template:
|
template:
|
||||||
|
@ -22,3 +25,5 @@
|
||||||
dest: /etc/fail2ban/jail.local
|
dest: /etc/fail2ban/jail.local
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
tags:
|
||||||
|
- fail2ban
|
||||||
|
|
|
@ -3,7 +3,12 @@
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
|
||||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
||||||
ignoreip = 127.0.0.1/8
|
ignoreip = \
|
||||||
|
{% for ip in fail2ban_ignoreip %}
|
||||||
|
{{ ip }}, \
|
||||||
|
{% endfor %}
|
||||||
|
127.0.0.1/8
|
||||||
|
|
||||||
bantime = 600
|
bantime = 600
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue