fail2ban: whitelist our machine's public ip address so status checks dont cause bans of the machine itself
parent
5bbe9f9a04
commit
20e11bbab3
2 changed files with 10 additions and 1 deletions
|
@ -1,5 +1,11 @@
|
||||||
# Fail2Ban configuration file for Mail-in-a-Box
|
# Fail2Ban configuration file for Mail-in-a-Box
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
||||||
|
# ping services over the public interface so we should whitelist that address of
|
||||||
|
# ours too. The string is substituted during installation.
|
||||||
|
ignoreip = 127.0.0.1/8 PUBLIC_IP
|
||||||
|
|
||||||
# JAILS
|
# JAILS
|
||||||
|
|
||||||
[ssh]
|
[ssh]
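Review bot: The new `ignoreip` line ships with the literal token `PUBLIC_IP`, and the comment above it does not say what happens if the installer's substitution is skipped. fail2ban also accepts DNS host names in `ignoreip`, so an unsubstituted token would presumably be treated as a name to resolve rather than rejected outright. I would extend the comment, e.g. `# PUBLIC_IP is a placeholder filled in by the setup script; do not copy this file to /etc/fail2ban unmodified.` Note also that every connection that appears to come from the public address becomes exempt from bans, not only the status checks. Only one address is listed, so if the checks can also reach services over a public IPv6 address, that path would still be banned; this is worth confirming.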
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
source /etc/mailinabox.conf
|
||||||
source setup/functions.sh # load our functions
|
source setup/functions.sh # load our functions
|
||||||
|
|
||||||
# Basic System Configuration
|
# Basic System Configuration
|
||||||
|
@ -198,7 +199,9 @@ restart_service resolvconf
|
||||||
# ### Fail2Ban Service
|
# ### Fail2Ban Service
|
||||||
|
|
||||||
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
|
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
|
||||||
cp conf/fail2ban/jail.local /etc/fail2ban/jail.local
|
cat conf/fail2ban/jail.local \
|
||||||
|
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
||||||
|
> /etc/fail2ban/jail.local
|
||||||
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
|
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
|
||||||
|
|
||||||
restart_service fail2ban
|
restart_service fail2ban
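Review bot: `$PUBLIC_IP` is interpolated into the sed expression with no check in the new `cat conf/fail2ban/jail.local | sed "s/PUBLIC_IP/$PUBLIC_IP/g"` pipeline. If the variable is empty, `ignoreip` silently loses the public address. If it contains `/` or `&`, sed fails or rewrites the line differently, and because the output is redirected straight to `/etc/fail2ban/jail.local`, a failure leaves that file truncated before `restart_service fail2ban` runs. Whether the script aborts on errors is not visible in this hunk. I would check the value first, e.g. `[ -n "$PUBLIC_IP" ] || { echo "PUBLIC_IP is not set" >&2; exit 1; }`, and drop the extra cat: `sed "s/PUBLIC_IP/$PUBLIC_IP/g" conf/fail2ban/jail.local > /etc/fail2ban/jail.local`.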
|
||||||
|
|