Whitelist our IPs against fail2ban.

This is important as we don't want the IMAP server baning the webmail, for instance. (The fail2ban instance running next to the webmail should ban the attacker, but that running next to the IMAP server shouldn't ban legit users.)
author: Guilhem Moulin <guilhem@fripost.org> 2014-07-02 18:33:11 +0200
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:52:16 +0200
commit: aa6628dd67914c2849781cfb738c7389434c9608 (patch)
tree: fbef780f89b332a319ba73637b9bc2a368ec279b
parent: 7a5cc5032b036f110a19b899cfc264065b473ed1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
index 7c5bc0e..b76ffbc 100644
--- a/roles/common/templates/etc/fail2ban/jail.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
@@ -13,6 +13,9 @@ chain = fail2ban
 # Choose default action.
 action = %(action_)s
 
+# Don't ban ourselves.
+ignoreip = 127.0.0.0/8 {{ groups.all | sort | join(' ') }}
+
 #
 # JAILS
 #
author	Guilhem Moulin <guilhem@fripost.org>	2014-07-02 18:33:11 +0200
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:52:16 +0200
commit	aa6628dd67914c2849781cfb738c7389434c9608 (patch)
tree	fbef780f89b332a319ba73637b9bc2a368ec279b
parent	7a5cc5032b036f110a19b899cfc264065b473ed1 (diff)