Alan Orth
f7e87ea7be
According to jail.conf we actually need to separate multiple values with spaces instead of commas. On some versions of fail2ban this is a fatal error: > CRITICAL Unhandled exception in Fail2Ban: > Traceback (most recent call last): > File "/usr/lib/python3/dist-packages/fail2ban/server/jailthread.py", line 66, in run_with_except_hook > run(*args, **kwargs) > File "/usr/lib/python3/dist-packages/fail2ban/server/filtersystemd.py", line 246, in run > *self.formatJournalEntry(logentry)) > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 432, in processLineAndAdd > if self.inIgnoreIPList(ip, log_ignore=True): > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 371, in inIgnoreIPList > "(?<=b)1+", bin(DNSUtils.addr2bin(s[1]))).group()) > File "/usr/lib/python3/dist-packages/fail2ban/server/filter.py", line 928, in addr2bin > return struct.unpack("!L", socket.inet_aton(ipstring))[0] > OSError: illegal IP address string passed to inet_aton This affects (at least) fail2ban 0.9.3 on Ubuntu 16.04, but I never noticed.
14 lines
342 B
YAML
14 lines
342 B
YAML
---
|
|
#file - roles/common/defaults/main.yml
|
|
|
|
# add a dummy API key for AbuseIPDB.com (override with real one in host_vars)
|
|
abuseipdb_api_key: dummy
|
|
fail2ban_maxretry: 6
|
|
# 1 hour in seconds
|
|
fail2ban_findtime: 3600
|
|
# 2 weeks in seconds
|
|
fail2ban_bantime: 1209600
|
|
fail2ban_ignoreip: 127.0.0.1/8 172.26.0.0/16 192.168.5.0/24
|
|
|
|
# vim: set ts=2 sw=2:
|