From aa6628dd67914c2849781cfb738c7389434c9608 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 2 Jul 2014 18:33:11 +0200
Subject: Whitelist our IPs against fail2ban.

This is important as we don't want the IMAP server baning the webmail,
for instance.  (The fail2ban instance running next to the webmail should
ban the attacker, but that running next to the IMAP server shouldn't ban
legit users.)
---
 roles/common/templates/etc/fail2ban/jail.local.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
index 7c5bc0e..b76ffbc 100644
--- a/roles/common/templates/etc/fail2ban/jail.local.j2
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
@@ -13,6 +13,9 @@ chain = fail2ban
 # Choose default action.
 action = %(action_)s
 
+# Don't ban ourselves.
+ignoreip = 127.0.0.0/8 {{ groups.all | sort | join(' ') }}
+
 #
 # JAILS
 #
-- 
cgit v1.2.3