summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc/fail2ban/jail.local.j2
blob: 3cd19cc6d74aeec5b5baa17c1db79225dc14e500 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# {{ ansible_managed }}
# Do NOT edit this file directly!

[DEFAULT]

# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = admin@fripost.org

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.0/8, ::1, {{ ipsec_subnet }}

banaction = nftables-allports

# must match nftables.conf's blackholes timeouts
bantime = 10m

#
# JAILS
#

[sshd]
enabled = true

[postfix]
enabled = {{ 'MX' in group_names }}

[dovecot]
enabled = {{ 'IMAP' in group_names }}

[postfix-sasl]
enabled  = {{ 'MSA' in group_names }}

[roundcube-auth]
enabled = {{ 'webmail' in group_names }}
logpath = /var/log/roundcube/errors.log

[nextcloud]
enabled = {{ 'nextcloud' in group_names }}
port    = http,https
filter  = nextcloud
logpath = /var/log/nextcloud/nextcloud.log

# vim: set filetype=dosini :