fail2ban: whitelist our machine's public ip address so status checks dont cause bans of the machine itself

This commit is contained in:
Joshua Tauberer 2015-12-07 08:45:59 -05:00
parent 5bbe9f9a04
commit 20e11bbab3
2 changed files with 10 additions and 1 deletions

View file

@ -1,5 +1,11 @@
# Fail2Ban configuration file for Mail-in-a-Box # Fail2Ban configuration file for Mail-in-a-Box
[DEFAULT]
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
# ping services over the public interface so we should whitelist that address of
# ours too. The string is substituted during installation.
ignoreip = 127.0.0.1/8 PUBLIC_IP
# JAILS # JAILS
[ssh] [ssh]

View file

@ -1,3 +1,4 @@
source /etc/mailinabox.conf
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
# Basic System Configuration # Basic System Configuration
@ -198,7 +199,9 @@ restart_service resolvconf
# ### Fail2Ban Service # ### Fail2Ban Service
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
cp conf/fail2ban/jail.local /etc/fail2ban/jail.local cat conf/fail2ban/jail.local \
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
> /etc/fail2ban/jail.local
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
restart_service fail2ban restart_service fail2ban