Perform fail2ban bans directly via nftables

See upstream at https://github.com/fail2ban/fail2ban/commit/d0d07285234871bad3dc0c359d0ec03365b6dddc, this will be incorporated into Debian at the next release.
author: Johannes Christ <[email protected]> 2024-05-04 11:45:17 +0200
committer: jchristgit <[email protected]> 2024-05-04 11:56:37 +0200
commit: 28becb939f477ccb6a95a21db9f825a9f8198a49 (patch)
tree: 086bd062cd073a497ee81446d9015fa2c57b9cb2
parent: Skip tasks requiring all hosts when running with limit (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ansible/roles/fail2ban/files/jail.local b/ansible/roles/fail2ban/files/jail.local
index e6d2dc3..67340da 100644
--- a/ansible/roles/fail2ban/files/jail.local
+++ b/ansible/roles/fail2ban/files/jail.local
@@ -3,6 +3,8 @@ ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 10.0.0.0/8
 bantime = 24h
 maxretry = 3
 findtime = 2h
+banaction = nftables
+banaction_allports = nftables[type=allports]
 
 [sshd]
 mode = aggressive
author	Johannes Christ <[email protected]>	2024-05-04 11:45:17 +0200
committer	jchristgit <[email protected]>	2024-05-04 11:56:37 +0200
commit	28becb939f477ccb6a95a21db9f825a9f8198a49 (patch)
tree	086bd062cd073a497ee81446d9015fa2c57b9cb2
parent	Skip tasks requiring all hosts when running with limit (diff)