authorGravatar Amrou Bellalouna <[email protected]>2024-05-31 17:36:59 +0200
committerGravatar GitHub <[email protected]>2024-05-31 17:36:59 +0200
commitd647e9a425f8833a11cdf04e246d096892489e5b (patch)
treee94dd67d348305b468e3c01556abd795933b2b1a
parentAdd sudo.tls.pydis.wtf to allowed SANs for Prometheus (diff)
whitelist ips of netcup and linode servers (#326)
-rw-r--r--ansible/roles/fail2ban/files/jail.local11
-rw-r--r--ansible/roles/fail2ban/tasks/main.yml4
-rw-r--r--ansible/roles/fail2ban/templates/jail.local.j216
3 files changed, 18 insertions, 13 deletions
diff --git a/ansible/roles/fail2ban/files/jail.local b/ansible/roles/fail2ban/files/jail.local
deleted file mode 100644
index 67340da..0000000
--- a/ansible/roles/fail2ban/files/jail.local
+++ /dev/null
@@ -1,11 +0,0 @@
-[DEFAULT]
-ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 10.0.0.0/8
-bantime = 24h
-maxretry = 3
-findtime = 2h
-banaction = nftables
-banaction_allports = nftables[type=allports]
-
-[sshd]
-mode = aggressive
-backend=systemd
diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml
index 74a5442..e6695cd 100644
--- a/ansible/roles/fail2ban/tasks/main.yml
+++ b/ansible/roles/fail2ban/tasks/main.yml
@@ -7,8 +7,8 @@
- role::fail2ban
- name: Copy fail2ban config
- copy:
- src: jail.local
+ template:
+ src: jail.local.j2
dest: /etc/fail2ban/jail.local
owner: root
group: root
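Review bot: Switching `copy` to `template` means the rendered `/etc/fail2ban/jail.local` can now change whenever the Linode address variables change, so the task should notify a handler that restarts or reloads fail2ban; the task's remaining keys lie outside the hunk, so whether a `notify:` is already present is not visible here. If it is not, a line such as `notify: Restart fail2ban` (with a matching handler) would make the new ignoreip take effect on the same run rather than at the next service restart. The hunk also shows `owner`/`group` but not `mode`; if the task does not set one further down, an explicit `mode: "0644"` pins the permissions of the rendered file instead of inheriting them from the template source.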
diff --git a/ansible/roles/fail2ban/templates/jail.local.j2 b/ansible/roles/fail2ban/templates/jail.local.j2
new file mode 100644
index 0000000..4dd8350
--- /dev/null
+++ b/ansible/roles/fail2ban/templates/jail.local.j2
@@ -0,0 +1,16 @@
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 10.0.0.0/8
+ # netcup ips
+ 89.58.26.118 2a03:4000:62:ce0:2496:aeff:fe97:dea4 89.58.25.151 2a03:4000:62:ce1:943b:b2ff:fef4:d3b7
+ # linode ips
+ {{ lke_frankfurt_ipv4_addresses | join(" ") }} {{ lke_frankfurt_ipv6_addresses | join(" ") }}
+
+bantime = 24h
+maxretry = 3
+findtime = 2h
+banaction = nftables
+banaction_allports = nftables[type=allports]
+
+[sshd]
+mode = aggressive
+backend=systemd
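Review bot: The netcup addresses on the `89.58.26.118 …` line are hard-coded in the template while the Linode ones come from `lke_frankfurt_ipv4_addresses` / `lke_frankfurt_ipv6_addresses`; keeping both sets in inventory or group vars would give one source of truth and a uniformly rendered `ignoreip`. Because this `ignoreip` sits in `[DEFAULT]`, every listed host is exempt from every jail, not only `[sshd]`, which is worth a comment above the list, e.g. `# NOTE: hosts listed here are never banned by any jail; limit to trusted peers`. The continuation line `{{ lke_frankfurt_ipv4_addresses | join(" ") }} {{ lke_frankfurt_ipv6_addresses | join(" ") }}` also assumes both variables are defined on every host that applies the role; with Ansible's default undefined-variable handling a missing one fails the template task, so a `| default([])` guard (or an assert in the tasks) would make that failure mode explicit rather than incidental.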