roles/common: Fix fail2ban ignoreip

According to jail.conf we actually need to separate multiple values with spaces instead of commas. On some versions of fail2ban this is a fatal error: > CRITICAL Unhandled exception in Fail2Ban: > Traceback (most recent call last): > File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook > run(*args, **kwargs) > File "/usr/lib/python3/dist-packages/fail2ban/server/filtersystemd.py", line 246, in run > *self.formatJournalEntry(logentry)) > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 432, in processLineAndAdd > if self.inIgnoreIPList(ip, log_ignore=True): > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 371, in inIgnoreIPList > "(?<=b)1+", bin(DNSUtils.addr2bin(s[1]))).group()) > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 928, in addr2bin > return struct.unpack("!L", socket.inet_aton(ipstring))[0] > OSError: illegal IP address string passed to inet_aton This affects (at least) fail2ban 0.9.3 on Ubuntu 16.04, but I never noticed.
2021-08-12 15:24:50 +03:00 · 2021-08-12 15:24:50 +03:00 · f7e87ea7be
parent 7b233eb31d
commit f7e87ea7be
1 changed files with 3 additions and 1 deletions
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@ -1,11 +1,13 @@
 ---
 #file - roles/common/defaults/main.yml

+# add a dummy API key for AbuseIPDB.com (override with real one in host_vars)
+abuseipdb_api_key: dummy
 fail2ban_maxretry: 6
 # 1 hour in seconds
 fail2ban_findtime: 3600
 # 2 weeks in seconds
 fail2ban_bantime: 1209600
-fail2ban_ignoreip: 127.0.0.1/8,172.26.0.0/16,192.168.5.0/24
+fail2ban_ignoreip: 127.0.0.1/8 172.26.0.0/16 192.168.5.0/24

 # vim: set ts=2 sw=2: