forked from evolix/ansible-roles
fail2ban: fix fail2ban_ignore_ips definition
If the final variable is combined in the defaults file, it's component can be overridden, but the final variable can't be overriden.
This commit is contained in:
parent
77aeb60544
commit
012dabf657
|
@ -44,6 +44,7 @@ The **patch** part changes incrementally at each release.
|
||||||
### Fixed
|
### Fixed
|
||||||
* bind: chroot-bind.sh must not be executed in check mode
|
* bind: chroot-bind.sh must not be executed in check mode
|
||||||
* evoacme: fix module detection in apache config
|
* evoacme: fix module detection in apache config
|
||||||
|
* fail2ban: fix fail2ban_ignore_ips definition
|
||||||
* mysql-oracle: fix configuration directory variable
|
* mysql-oracle: fix configuration directory variable
|
||||||
* php: fpm slowlog needs an absolute path
|
* php: fpm slowlog needs an absolute path
|
||||||
* roundcube: add missing slash to https redirection
|
* roundcube: add missing slash to https redirection
|
||||||
|
|
|
@ -4,7 +4,6 @@ fail2ban_alert_email: Null
|
||||||
|
|
||||||
fail2ban_default_ignore_ips: []
|
fail2ban_default_ignore_ips: []
|
||||||
fail2ban_additional_ignore_ips: []
|
fail2ban_additional_ignore_ips: []
|
||||||
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
|
||||||
|
|
||||||
fail2ban_wordpress: False
|
fail2ban_wordpress: False
|
||||||
fail2ban_roundcube: False
|
fail2ban_roundcube: False
|
||||||
|
|
|
@ -15,6 +15,9 @@
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||||
|
|
||||||
- name: local jail is installed
|
- name: local jail is installed
|
||||||
template:
|
template:
|
||||||
src: jail.local.j2
|
src: jail.local.j2
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
[DEFAULT]
|
[DEFAULT]
|
||||||
|
|
||||||
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
|
||||||
ignoreip = {{ (['127.0.0.1/8'] + fail2ban_ignore_ips) | join(' ') }}
|
ignoreip = {{ ['127.0.0.1/8'] union(fail2ban_ignore_ips) | unique | join(' ') }}
|
||||||
|
|
||||||
bantime = 600
|
bantime = 600
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
|
|
Loading…
Reference in a new issue