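# Fail2ban global overrides (jail.local), rendered from a template.
# Values in [DEFAULT] apply to every jail unless a jail section overrides them.
# Keep each comment on its own line: text after a value on the same line may be read as part of it.

[DEFAULT]

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
#
# Every entry here is exempt from all jails, so keep the templated list to the
# specific management addresses that need it rather than broad ranges.
# NOTE(review): the templated variable is assumed to render as a single-line,
# space- or comma-separated string; confirm against the role defaults.
ignoreip = 127.0.0.1/8 ::1 {{ system_base_fail2ban_ignoreip }}

# "bantime" is how long a host stays banned. A plain integer is a number of
# seconds; the value below uses the time abbreviation format (1d = one day),
# which requires a Fail2ban release that supports it (see jail.conf(5)).
bantime = 1d

# "backend" specifies the backend used to detect file modifications.
# Available options are "pyinotify", "gamin", "polling", "systemd" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#            If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#            If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# systemd:   uses systemd python library to access the systemd journal.
#            Specifying "logpath" is not valid for this backend.
#            See "journalmatch" in the jail's associated filter config.
# auto:      will try to use the following backends, in order:
#            pyinotify, gamin, polling.
#
# Note: if systemd backend is chosen as the default but you enable a jail
#       for which logs are present only in its own log files, specify some other
#       backend for that jail (e.g. polling) and provide empty value for
#       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
#       A jail left on the wrong backend reads no log lines and therefore never bans.
backend = systemd

# Destination email address used solely for the interpolations in jail.{conf,local,d/*}
# configuration files. Ban reports sent by the mail actions go to this address, so make
# sure mail for it is actually delivered and read.
destemail = root

# Sender email address used solely for some actions
sender = fail2ban

# Specify chain where jumps would need to be added in ban-actions expecting parameter chain. Chain
# variable needs to be overridden in jail.local, as the uppercase `chain = INPUT` declaration in
# jail.conf shadows proper lowercase declaration in nftables-common.conf.
# After deployment, check with `nft list ruleset` that ban rules are really installed.
chain = input

# Default banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) It is
# used to define action_* variables. Can be overridden globally or per section within jail.local
# file. Use nftables instead of iptables.
banaction = nftables[type=multiport]
banaction_allports = nftables[type=allports]

# Choose default action. To change, just override value of 'action' with the interpolation to the
# chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local globally (section
# [DEFAULT]) or per specific section.
# action_mw bans the host and mails a report with whois output to destemail.
action = %(action_mw)s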