forked from evolix/ansible-roles
fail2ban: custom ignoreip + add tags
This commit is contained in:
parent
f2d32c4fde
commit
8d4c1f4af5
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
general_alert_email: "root@localhost"
|
||||
fail2ban_alert_email: Null
|
||||
fail2ban_ignoreip: []
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
name: fail2ban
|
||||
state: present
|
||||
tags:
|
||||
- fail2ban
|
||||
- packages
|
||||
|
||||
- name: custom filters are installed
|
||||
|
@ -15,6 +16,8 @@
|
|||
- dovecot-evolix.conf
|
||||
- sasl-evolix.conf
|
||||
notify: restart fail2ban
|
||||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: local jail is installed
|
||||
template:
|
||||
|
@ -22,3 +25,5 @@
|
|||
dest: /etc/fail2ban/jail.local
|
||||
mode: "0644"
|
||||
notify: restart fail2ban
|
||||
tags:
|
||||
- fail2ban
|
||||
|
|
|
@ -3,7 +3,12 @@
|
|||
[DEFAULT]
|
||||
|
||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
||||
ignoreip = 127.0.0.1/8
|
||||
ignoreip = \
|
||||
{% for ip in fail2ban_ignoreip %}
|
||||
{{ ip }}, \
|
||||
{% endfor %}
|
||||
127.0.0.1/8
|
||||
|
||||
bantime = 600
|
||||
maxretry = 3
|
||||
|
||||
|
|
Loading…
Reference in a new issue