fail2ban: whitelist our machine's public ip address so status checks dont cause bans of the machine itself
This commit is contained in:
Joshua Tauberer
parent
5bbe9f9a04
commit
20e11bbab3
2 changed files with 10 additions and 1 deletions
|
|
@ -1,5 +1,11 @@
|
|||
# Fail2Ban configuration file for Mail-in-a-Box
|
||||
|
||||
[DEFAULT]
|
||||
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
||||
# ping services over the public interface so we should whitelist that address of
|
||||
# ours too. The string is substituted during installation.
|
||||
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
||||
|
||||
# JAILS
|
||||
|
||||
[ssh]
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
source /etc/mailinabox.conf
|
||||
source setup/functions.sh # load our functions
|
||||
|
||||
# Basic System Configuration
|
||||
|
|
@ -198,7 +199,9 @@ restart_service resolvconf
|
|||
# ### Fail2Ban Service
|
||||
|
||||
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
|
||||
cp conf/fail2ban/jail.local /etc/fail2ban/jail.local
|
||||
cat conf/fail2ban/jail.local \
|
||||
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
||||
> /etc/fail2ban/jail.local
|
||||
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
|
||||
|
||||
restart_service fail2ban
|
||||
|
|
|
|||
Loading…
Reference in a new issue