# EvoLinux Fail2Ban config.

{% if fail2ban_override_jaillocal %}
# WARNING : THIS FILE IS (PROBABLY) ANSIBLE MANAGED AS IT WAS OVERWRITTEN BY ANSIBLE
{% endif %}

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = {{ ['127.0.0.1/8'] | union(fail2ban_ignore_ips) | unique | join(' ') }}

bantime  = {{ fail2ban_default_bantime }}
maxretry = {{ fail2ban_default_maxretry }}

destemail = {{ fail2ban_alert_email or general_alert_email | mandatory }}

# ACTIONS
banaction = iptables-multiport
action = %({{ fail2ban_default_action }})s


[sshd]
enabled = {{ fail2ban_sshd }}
port    = ssh,2222,22222

maxretry = {{ fail2ban_sshd_maxretry }}
findtime = {{ fail2ban_sshd_findtime }}
bantime = {{ fail2ban_sshd_bantime }}

[recidive]
enabled = {{ fail2ban_recidive }}

maxretry = {{ fail2ban_recidive_maxretry }}
findtime = {{ fail2ban_recidive_findtime }}
bantime = {{ fail2ban_recidive_bantime }}


# Evolix custom jails 

[wordpress-hard]
enabled = {{ fail2ban_wordpress_hard }}
port = http, https
filter = wordpress-hard
logpath = /var/log/auth.log
maxretry = {{ fail2ban_wordpress_hard_maxretry }}
findtime = {{ fail2ban_wordpress_hard_findtime }}
bantime = {{ fail2ban_wordpress_hard_bantime }}

[wordpress-soft]
enabled = {{ fail2ban_wordpress_soft }}
port = http, https
filter = wordpress-soft
logpath = /var/log/auth.log
maxretry = {{ fail2ban_wordpress_soft_maxretry }}
findtime = {{ fail2ban_wordpress_soft_findtime }}
bantime = {{ fail2ban_wordpress_soft_bantime }}

[roundcube]
enabled  = {{ fail2ban_roundcube }}
port     = http, https
filter   = roundcube
logpath  = /var/lib/roundcube/logs/errors
maxretry = {{ fail2ban_roundcube_maxretry }}
findtime = {{ fail2ban_roundcube_findtime }}
bantime = {{ fail2ban_roundcube_bantime }}