Alan Orth
14814aa5d9
The nftables support works easily and creates the table, chains, and sets on demand.
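# fail2ban jail for sshd, rendered from a Jinja template. The fail2ban_* values
# come from template variables defined outside this file.
[sshd]
enabled = true
# See: /etc/fail2ban/filter.d/sshd.conf
filter = sshd
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '>=') %}
# Integrate with nftables. type=allports blocks a banned address on every
# port, not only the SSH port.
banaction = nftables[type=allports]
{% else %}
# Integrate with firewalld and ipsets
# NOTE(review): this branch does not request an all-ports ban, so the ban scope
# may differ from the nftables branch; confirm that the difference is intended.
banaction = firewallcmd-ipset
{% endif %}
# Read sshd events from the systemd journal instead of a log file.
backend = systemd
# Number of failures from one address, within findtime, that triggers a ban.
maxretry = {{ fail2ban_maxretry }}
# Window in which failures are counted (fail2ban reads a bare number as seconds).
findtime = {{ fail2ban_findtime }}
# How long a ban lasts (fail2ban reads a bare number as seconds).
bantime = {{ fail2ban_bantime }}
# Addresses that are never banned. Keep this list as narrow as possible: every
# address or network listed here is exempt from brute-force protection.
ignoreip = {{ fail2ban_ignoreip }}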