search

Oefenweb / ansible-fail2ban

Ansible role to set up fail2ban in Debian-like systems
MIT License
117 stars 55 forks source link

Allow using jails from jail.conf #36

Closed Yannik closed 7 years ago

Yannik commented 7 years ago

Hi, according to man jail.conf:

.conf files are distributed by Fail2Ban. It is recommended that .conf files should remain unchanged to ease upgrades. If needed, customizations should be provided in *.local files. For example, if you would like to enable the [ssh-iptables-ipset] jail specified in jail.conf, create jail.local containing

[ssh-iptables-ipset] enabled = true

In .local files specify only the settings you would like to change and the rest of the configuration will then come from the corresponding .conf file which is parsed first.

The example given in the manpage does not work with this role.

To fix this, all attributes must be optional, because they could already be given in jail.conf.

Yannik commented 7 years ago

Additionally, using the default value for maxretry does not currently work, as templating fails if no maxretry is specified.

Yannik commented 7 years ago

I created a PR to fix this: #37