2022-12-20 19:47:11 +01:00
|
|
|
[DEFAULT]
|
|
|
|
|
|
|
|
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
|
|
|
|
# will not ban a host which matches an address in this list. Several addresses
|
|
|
|
# can be defined using space (and/or comma) separator.
|
|
|
|
ignoreip = 127.0.0.1/8 ::1 {{ system_base_fail2ban_ignoreip }}
|
|
|
|
|
|
|
|
# "bantime" is the number of seconds that a host is banned.
|
|
|
|
bantime = 1d
|
|
|
|
|
2023-09-30 23:44:40 +02:00
|
|
|
# "backend" specifies the backend used to get files modification.
|
|
|
|
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
|
|
|
|
# This option can be overridden in each jail as well.
|
|
|
|
#
|
|
|
|
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
|
|
|
|
# If pyinotify is not installed, Fail2ban will use auto.
|
|
|
|
# gamin: requires Gamin (a file alteration monitor) to be installed.
|
|
|
|
# If Gamin is not installed, Fail2ban will use auto.
|
|
|
|
# polling: uses a polling algorithm which does not require external libraries.
|
|
|
|
# systemd: uses systemd python library to access the systemd journal.
|
|
|
|
# Specifying "logpath" is not valid for this backend.
|
|
|
|
# See "journalmatch" in the jails associated filter config
|
|
|
|
# auto: will try to use the following backends, in order:
|
|
|
|
# pyinotify, gamin, polling.
|
|
|
|
#
|
|
|
|
# Note: if systemd backend is chosen as the default but you enable a jail
|
|
|
|
# for which logs are present only in its own log files, specify some other
|
|
|
|
# backend for that jail (e.g. polling) and provide empty value for
|
|
|
|
# journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
|
|
|
|
backend = systemd
|
|
|
|
|
2022-12-20 19:47:11 +01:00
|
|
|
# Destination email address used solely for the interpolations in jail.{conf,local,d/*}
|
|
|
|
# configuration files.
|
|
|
|
destemail = root
|
|
|
|
|
|
|
|
# Sender email address used solely for some actions
|
|
|
|
sender = fail2ban
|
|
|
|
|
|
|
|
# Specify chain where jumps would need to be added in ban-actions expecting parameter chain. Chain
|
|
|
|
# variable needs to be overridden in jail.local, as the uppercase `chain = INPUT` declaration in
|
|
|
|
# jail.conf shadows proper lowercase declaration in nftables-common.conf.
|
|
|
|
chain = input
|
|
|
|
|
|
|
|
# Default banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) It is
|
|
|
|
# used to define action_* variables. Can be overridden globally or per section within jail.local
|
|
|
|
# file. Use nftables instead of iptables.
|
|
|
|
banaction = nftables[type=multiport]
|
|
|
|
banaction_allports = nftables[type=allports]
|
|
|
|
|
|
|
|
# Choose default action. To change, just override value of 'action' with the interpolation to the
|
|
|
|
# chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local globally (section
|
|
|
|
# [DEFAULT]) or per specific section.
|
|
|
|
action = %(action_mw)s
|