[sshd] enabled = true # See: /etc/fail2ban/filter.d/sshd.conf filter = sshd {% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '>=') %} # Integrate with nftables banaction=nftables[type=allports] {% else %} # Integrate with firewalld and ipsets banaction = firewallcmd-ipset {% endif %} backend = systemd maxretry = {{ fail2ban_maxretry }} findtime = {{ fail2ban_findtime }} bantime = {{ fail2ban_bantime }} ignoreip = {{ fail2ban_ignoreip }}