thunderbottom/flakes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: use correct module options for fail2ban

Browse Source 
* ignoreIPs -> ignoreIP
* Add settings block to each jail

Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
This commit is contained in:
Chinmay D. Pai 2024-10-06 00:03:01 +05:30
parent a9d7582fcf
commit 164acc1042
Signed by: thunderbottom
GPG Key ID: 75507BE256F40CED
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/nixos/services/fail2ban/default.nix
View File

@ -28,7 +28,7 @@
factor = "4"; factor = "4";
}; };
ignoreIPs = ignoreIP =
[ [
"192.168.69.0/16" "192.168.69.0/16"
"172.16.0.0/12" "172.16.0.0/12"
@ -38,9 +38,11 @@
jails = { jails = {
DEFAULT = { DEFAULT = {
blocktype = "DROP"; settings = {
bantime = "6h"; blocktype = "DROP";
findtime = "6h"; bantime = lib.mkDefault "6h";
findtime = "6h";
};
}; };
sshd = { sshd = {
@ -56,10 +58,12 @@
}; };
port-scan = { port-scan = {
filter = "port-scan"; settings = {
action = "iptables-allports[name=port-scan]"; filter = "port-scan";
bantime = 86400; action = "iptables-allports[name=port-scan]";
maxretry = 2; bantime = 86400;
maxretry = 2;
};
}; };
}; };
}; };