From aa6628dd67914c2849781cfb738c7389434c9608 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 2 Jul 2014 18:33:11 +0200 Subject: Whitelist our IPs against fail2ban. This is important as we don't want the IMAP server baning the webmail, for instance. (The fail2ban instance running next to the webmail should ban the attacker, but that running next to the IMAP server shouldn't ban legit users.) --- roles/common/templates/etc/fail2ban/jail.local.j2 | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/common') diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2 index 7c5bc0e..b76ffbc 100644 --- a/roles/common/templates/etc/fail2ban/jail.local.j2 +++ b/roles/common/templates/etc/fail2ban/jail.local.j2 @@ -13,6 +13,9 @@ chain = fail2ban # Choose default action. action = %(action_)s +# Don't ban ourselves. +ignoreip = 127.0.0.0/8 {{ groups.all | sort | join(' ') }} + # # JAILS # -- cgit v1.2.3