-rw-r--r-- | roles/common/templates/etc/fail2ban/jail.local.j2 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2 index 7c5bc0e..b76ffbc 100644 --- a/roles/common/templates/etc/fail2ban/jail.local.j2 +++ b/roles/common/templates/etc/fail2ban/jail.local.j2 @@ -1,35 +1,38 @@ # {{ ansible_managed }} # Do NOT edit this file directly! [DEFAULT] # Destination email address used solely for the interpolations in # jail.{conf,local} configuration files. destemail = admin@fripost.org # Specify chain where jumps would need to be added in iptables-* actions chain = fail2ban # Choose default action. action = %(action_)s +# Don't ban ourselves. +ignoreip = 127.0.0.0/8 {{ groups.all | sort | join(' ') }} + # # JAILS # # There is no risk to lock ourself out, since traffic between our machines goes # through IPSec, and these packets are accepted before having a chance to enter # fail2ban's chain. # [ssh] enabled = true port = {{ ansible_ssh_port|default('22') }} filter = sshd logpath = /var/log/auth.log maxretry = 5 [ssh-ddos] enabled = true port = {{ ansible_ssh_port|default('22') }} |
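Review bot: The added `ignoreip` line in `[DEFAULT]` expands `groups.all` to inventory names, not addresses, so the exemption relies on each name being resolvable and on the DNS answer fail2ban gets when it checks a match. A name that does not resolve would presumably be skipped without protecting that host, and the list is only as trustworthy as the resolver. Rendering each host's IP address from an inventory variable would remove that dependency. The exemption also applies to every jail and every inventory host, so repeated failed logins coming from one of our own machines are never banned; since the JAILS comment further down says inter-machine traffic already bypasses the chain via IPSec, the comment should state which traffic this is for, e.g. `# Never ban our own hosts (non-IPSec traffic); note this also exempts a compromised peer.`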