From df308b0396c59af329df32d5e72c7fdc7a17c351 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Wed, 9 Jan 2019 16:44:16 +0100
Subject: [PATCH] fail2ban: fix "ignoreip" update
---
 CHANGELOG.md | 1 +
 fail2ban/tasks/ip_whitelist.yml | 8 ++++++--
 fail2ban/tasks/main.yml | 4 +++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1e9a679..c07fdd21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ The **patch** part changes incrementally at each release.
 * evocheck: update evocheck.sh for source install
 ### Fixed
+* fail2ban: fix "ignoreip" update
 * metricbeat: fix username/password replacement
 * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
 * nginx: Munin url config is now a template to insert the server-status prefix
diff --git a/fail2ban/tasks/ip_whitelist.yml b/fail2ban/tasks/ip_whitelist.yml
index 3bdd05f3..77f7c21c 100644
--- a/fail2ban/tasks/ip_whitelist.yml
+++ b/fail2ban/tasks/ip_whitelist.yml
@@ -1,9 +1,13 @@
 ---
+
+- set_fact:
+ fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+
 - name: Update ignoreips lists
 ini_file:
 dest: /etc/fail2ban/jail.local
- section: "[DEFAULT]"
- option: "ignoreips"
+ section: "DEFAULT"
+ option: "ignoreip"
 value: "{{ fail2ban_ignore_ips | join(' ') }}"
 notify: restart fail2ban
 tags:
diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml
index 9dd89aeb..6e97fb2d 100644
--- a/fail2ban/tasks/main.yml
+++ b/fail2ban/tasks/main.yml
@@ -16,7 +16,9 @@
 - fail2ban
 - set_fact:
- fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
+ fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
+ tags:
+ - fail2ban
 - name: local jail is installed
 template:
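Review bot: The `set_fact` added at the top of fail2ban/tasks/ip_whitelist.yml has no `name:` and no `tags:`, while this same commit adds `tags: - fail2ban` to the identical `set_fact` in main.yml and the `ini_file` task right below it is tagged (its tag list continues outside the hunk). On a tag-limited run the fact would presumably be skipped, leaving `ignoreip` to be rendered from an undefined or stale `fail2ban_ignore_ips`, unless the caller applies tags to the whole file, which is not visible here. Giving it the same tags as the `ini_file` task and a name such as `name: Build fail2ban ignoreip list` would close that gap. Hosts that already ran the old task likely still carry a `[[DEFAULT]]` section with `ignoreips` in /etc/fail2ban/jail.local; a follow-up `ini_file` task with `state: absent` on the old `section: "[DEFAULT]"` would remove it.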
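Review bot: Nothing visible in fail2ban/tasks/main.yml checks the merged `fail2ban_ignore_ips` before it is used, and every entry in that list is an address fail2ban will never ban. A guard ahead of the template task, for example `- assert: { that: "'0.0.0.0/0' not in fail2ban_ignore_ips" }`, would stop a catch-all range in `fail2ban_additional_ignore_ips` from silently disabling banning. The expression is also now a byte-for-byte copy of the one in ip_whitelist.yml, so the two exemption lists can drift the next time one of them is edited; computing it in one place would keep them in step. `union` already de-duplicates, so the trailing `| unique` can be dropped. The hard-coded loopback entry covers IPv4 only; if the installed fail2ban handles IPv6, `::1` may belong next to it.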