From ffaf40c6d2b8f8d0fee01ef7a9413f3c8d5526ef Mon Sep 17 00:00:00 2001
From: Noah Seefried
Date: Thu, 3 Dec 2020 13:40:04 +0100
Subject: [PATCH] Add support for custom allports banaction
---
 README.md | 1 +
 defaults/main.yml | 1 +
 templates/etc/fail2ban/jail.local.j2 | 1 +
 3 files changed, 3 insertions(+)
diff --git a/README.md b/README.md
index 34d064c..1d67d10 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ None
 - `fail2ban_findtime`: [default: `600`]: A host is banned if it has generated `fail2ban_maxretry` during the last `fail2ban_findtime`
 - `fail2ban_backend`: [default: `auto`]: Specifies the backend used to get files modification
 - `fail2ban_banaction`: [default: `iptables-multiport`]: Sets the global/default banaction
+- `fail2ban_banaction_allports`: [default: `iptables-allports`]: Sets the global/default banaction for allports
 - `fail2ban_mta`: [default: `sendmail`]: Email action
 - `fail2ban_protocol`: [default: `tcp`]: Sets the default protocol
 - `fail2ban_chain`: [default: `INPUT`]: Specifies the chain where jumps would need to be added in iptables-* actions
diff --git a/defaults/main.yml b/defaults/main.yml
index 4c16fda..dbb485c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -19,6 +19,7 @@ fail2ban_findtime: 600
 fail2ban_backend: auto
 fail2ban_destemail: root@localhost
 fail2ban_banaction: iptables-multiport
+fail2ban_banaction_allports: iptables-allports
 fail2ban_mta: sendmail
 fail2ban_protocol: tcp
 fail2ban_chain: INPUT
diff --git a/templates/etc/fail2ban/jail.local.j2 b/templates/etc/fail2ban/jail.local.j2
index d468f2f..e731f1e 100644
--- a/templates/etc/fail2ban/jail.local.j2
+++ b/templates/etc/fail2ban/jail.local.j2
@@ -40,6 +40,7 @@ sender = {{ fail2ban_sender }}
 # action_* variables. Can be overridden globally or per
 # section within jail.local file
 banaction = {{ fail2ban_banaction }}
+banaction_allports = {{ fail2ban_banaction_allports }}
 # email action. Since 0.8.1 upstream fail2ban uses sendmail
 # MTA for the mailing. Change mta configuration parameter to mail
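Review bot: The added `banaction_allports` line is rendered independently of `banaction`, so a host that already overrides `fail2ban_banaction` (for example to `nftables-multiport`) keeps `iptables-allports` for any jail that references `%(banaction_allports)s` unless the operator also sets the new variable. On such a host the all-ports bans would go to a different firewall backend than the rest and may not take effect, which is easy to miss because nothing in the role ties the two values together. I would document the pairing next to the new default in defaults/main.yml, e.g. `# keep on the same firewall backend as fail2ban_banaction`, and add the same sentence to the README entry. The surrounding section of jail.local.j2 starts and ends outside the hunk.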