authorGuilhem Moulin <guilhem@fripost.org>2014-07-20 20:43:26 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:15 +0200
commit3c334c128eceb7ed4cec537a09e6f72a1c8d3226 (patch)
tree36cac74fce43d4cf00a0c9629618a931969ed1c9
parentb4f16967487e43448f4a2b28a14f4d67073843c9 (diff)
wibble
-rw-r--r--roles/common/templates/etc/fail2ban/jail.local.j24
1 files changed, 0 insertions, 4 deletions
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
index c4ae284..415236f 100644
--- a/roles/common/templates/etc/fail2ban/jail.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
@@ -2,44 +2,40 @@
# Do NOT edit this file directly!
[DEFAULT]
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = admin@fripost.org
# Specify chain where jumps would need to be added in iptables-* actions
chain = fail2ban
# Choose default action.
action = %(action_)s
# Don't ban ourselves.
ignoreip = 127.0.0.0/8 {{ groups.all | sort | join(' ') }}
#
# JAILS
#
-# There is no risk to lock ourself out, since traffic between our machines goes
-# through IPSec, and these packets are accepted before having a chance to enter
-# fail2ban's chain.
-#
[ssh]
enabled = true
port = {{ ansible_ssh_port|default('22') }}
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
[ssh-ddos]
enabled = true
port = {{ ansible_ssh_port|default('22') }}
filter = sshd-ddos
logpath = /var/log/auth.log
maxretry = 2
# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall