From 70ba4b240f604d82bcfb8578807558f43bee6776 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface"
Date: Tue, 13 Apr 2021 16:44:49 -0400
Subject: [PATCH] Allow configurable fail2ban IPs
---
 roles/base/defaults/main.yml | 2 ++
 roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 4111dcb..663af4f 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -1,2 +1,4 @@
 ---
 deploy_username: "deploy"
+fail2ban_ignorelist:
+ - 10.0.0.0/8
diff --git a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2 b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
index 1ba69dd..f58b046 100644
--- a/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
+++ b/roles/base/templates/etc/fail2ban/jail.d/sshd.local.j2
@@ -1,7 +1,7 @@
 [DEFAULT]
 maxretry = 3
 bantime = 14400
-ignoreip = 127.0.0.0/8 10.0.0.0/8 198.55.48.48/28
+ignoreip = 127.0.0.0/8 {% for ignore in fail2ban_ignorelist %}{{ ignore }} {% endfor %}
 [ssh]
 enabled = true
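Review bot: The new default `fail2ban_ignorelist` in roles/base/defaults/main.yml exempts all of 10.0.0.0/8, so any address in that private range is never banned for repeated failed logins, however many attempts it makes. A narrower default (the specific management subnets, or an empty list that each inventory fills in) keeps the exemption deliberate. The previously hard-coded 198.55.48.48/28 is no longer part of the default, so deployments that relied on it must now set it in their own vars; the commit message does not mention this. The key also has no comment; I would add above it `# IPs/CIDRs fail2ban never bans (rendered into ignoreip for all jails); keep as narrow as possible`.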
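Review bot: The `for` loop on the new `ignoreip` line renders `fail2ban_ignorelist` without checking its shape, so an override given as a plain string instead of a list is iterated character by character and produces a broken ignore list. `ignoreip = 127.0.0.0/8 {{ fail2ban_ignorelist | join(' ') }}` reads more simply and drops the trailing space that each loop iteration leaves. It does not fix the string case by itself, so the role should also check that the variable is a list before templating. Because the line sits under `[DEFAULT]`, the exemption applies to every jail rather than only to ssh, which a comment in the template should state. The `[ssh]` section continues outside the hunk.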