fail2ban: fix fail2ban_ignore_ips definition
If the final variable is combined in the defaults file, it's component can be overridden, but the final variable can't be overriden.
This commit is contained in:
parent
77aeb60544
commit
012dabf657
|
@ -44,6 +44,7 @@ The **patch** part changes incrementally at each release.
|
|||
### Fixed
|
||||
* bind: chroot-bind.sh must not be executed in check mode
|
||||
* evoacme: fix module detection in apache config
|
||||
* fail2ban: fix fail2ban_ignore_ips definition
|
||||
* mysql-oracle: fix configuration directory variable
|
||||
* php: fpm slowlog needs an absolute path
|
||||
* roundcube: add missing slash to https redirection
|
||||
|
|
|
@ -4,7 +4,6 @@ fail2ban_alert_email: Null
|
|||
|
||||
fail2ban_default_ignore_ips: []
|
||||
fail2ban_additional_ignore_ips: []
|
||||
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||
|
||||
fail2ban_wordpress: False
|
||||
fail2ban_roundcube: False
|
||||
|
|
|
@ -15,6 +15,9 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- set_fact:
|
||||
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||
|
||||
- name: local jail is installed
|
||||
template:
|
||||
src: jail.local.j2
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
[DEFAULT]
|
||||
|
||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
||||
ignoreip = {{ (['127.0.0.1/8'] + fail2ban_ignore_ips) | join(' ') }}
|
||||
ignoreip = {{ ['127.0.0.1/8'] union(fail2ban_ignore_ips) | unique | join(' ') }}
|
||||
|
||||
bantime = 600
|
||||
maxretry = 3
|
||||
|
|
Loading…
Reference in a new issue