Oefenweb / ansible-fail2ban

Ansible role to set up fail2ban in Debian-like systems
MIT License

fail2ban_ignoreips as vars #77

Closed organicnz closed 1 year ago

organicnz commented 1 year ago

Hi, folks,

I'm sorry for asking via issues. Unfortunately, I don't have enough expertise to figure out how to add fail2ban_ignoreips as vars in the playbook. I would be very grateful if you could add this option to the readme.md. Thank you :)

Currently, it's put together in this way:

#################################################
# DO Community Playbooks: Initial Server Setup
#################################################
---
- hosts: all
  become: true
  vars_files:
    - vars/default.yml
  roles:
    - oefenweb.fail2ban
  vars:
    fail2ban_services:
      # In older versions of Fail2Ban this is called ssh
      - name: sshd
        port: 22
        maxretry: 5
        bantime: -1

    # Default jail settings for all jails (can be overridden by individual jails)
    fail2ban_ignoreips:
      - name: ignoreips
        ignoreip: '127.0.0.1/8'
        bantime: 600
        findtime: 600
        maxretry: 5
        banaction: firewallcmd-ipset

...

GitLab repository

tersmitten commented 1 year ago

fail2ban_ignoreips is a (simple) list variable. It should be used like this:

#################################################
# DO Community Playbooks: Initial Server Setup
#################################################
---
- hosts: all
  become: true
  vars_files:
    - vars/default.yml
  roles:
    - oefenweb.fail2ban
  vars:
    # A flat list of address strings, one per entry
    fail2ban_ignoreips:
      - "{{ ansible_lo['ipv4']['address'] }}/8"
      - "{{ ansible_default_ipv4['address'] }}"
    fail2ban_bantime: 3600
    fail2ban_services:
      # TODO: In Ubuntu 16.04 this is sshd
      - name: "{{ fail2ban_ssh_service_name }}"
        maxretry: 5
      # TODO: In Ubuntu 16.04 this is sshd-ddos
      - name: "{{ fail2ban_ssh_service_name }}-ddos"
        maxretry: 5

organicnz commented 1 year ago

Thank you very much for your help, mate :)
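
A pre-flight check for the shape described in the answer above (a flat list of strings), as an added example that is not part of the original thread or the role's own code. `check_ignoreips` and the sample values are hypothetical; `QUESTION` and `ANSWER` mirror the two playbooks above as they would look after YAML parsing.

```python
import ipaddress
import re

# fail2ban's ignoreip accepts IP addresses, CIDR masks and DNS host names.
_HOST = re.compile(r"^[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$")

def _is_network(text):
    try:
        ipaddress.ip_network(text, strict=False)  # '127.0.0.1/8' has host bits set
        return True
    except ValueError:
        return False

def _is_hostname(text):
    # Require a letter so a mistyped address such as 10.0.0.300 is not accepted.
    return bool(_HOST.match(text)) and any(c.isalpha() for c in text)

def check_ignoreips(value):
    """Return a list of problems in a fail2ban_ignoreips value (empty list = OK)."""
    if isinstance(value, str) or not isinstance(value, (list, tuple)):
        return ["fail2ban_ignoreips must be a list, got %s" % type(value).__name__]
    problems = []
    for i, entry in enumerate(value):
        if isinstance(entry, dict):
            problems.append("entry %d is a mapping with keys %s; expected a plain string"
                            % (i, sorted(entry)))
        elif not isinstance(entry, str) or not entry.strip():
            problems.append("entry %d (%r) is not a non-empty string" % (i, entry))
        elif "{{" in entry:
            continue  # Jinja2 expression, resolved by Ansible at run time
        elif not (_is_network(entry) or _is_hostname(entry)):
            problems.append("entry %d (%r) is not an IP, CIDR range or host name"
                            % (i, entry))
    return problems

# Constructed samples: the question's value and the answer's value after YAML parsing.
QUESTION = [{"name": "ignoreips", "ignoreip": "127.0.0.1/8", "bantime": 600,
             "findtime": 600, "maxretry": 5, "banaction": "firewallcmd-ipset"}]
ANSWER = ["{{ ansible_lo['ipv4']['address'] }}/8",
          "{{ ansible_default_ipv4['address'] }}"]

if __name__ == "__main__":
    for label, sample in (("question", QUESTION), ("answer", ANSWER)):
        print(label, check_ignoreips(sample) or "OK")
```
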