Install Fail2ban IP allow list

This commit is contained in:
Kris Lamoureux 2022-06-28 23:43:58 -04:00
parent 8362230eb4
commit 9eefad0e87
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
2 changed files with 9 additions and 0 deletions

View File

@ -34,6 +34,13 @@
dest: /etc/fail2ban/jail.d/sshd.conf dest: /etc/fail2ban/jail.d/sshd.conf
notify: restart_fail2ban notify: restart_fail2ban
- name: Install Fail2ban IP allow list
template:
src: fail2ban-allowlist.conf.j2
dest: /etc/fail2ban/jail.d/allowlist.conf
when: fail2ban_ignoreip is defined
notify: restart_fail2ban
- name: Enable firewall - name: Enable firewall
ufw: ufw:
state: enabled state: enabled

View File

@ -0,0 +1,2 @@
[DEFAULT]
ignoreip = {% for host in fail2ban_ignoreip %}{{ host }}{% if not loop.last %} {% endif %}{% endfor %}