fail2ban

Overview Versions Insights

Molecule test

Requirements

  1. Ansible installed:
sudo apt install python3
python3 -m ensurepip --upgrade
pip3 install ansible

Required variables

Set the variables as shown in defaults.

Currently available fail2ban_jails are:

  • sshd
  • nginx
  • postfix

Example playbook

hosts:
  - foo
roles:
  - ansible-fail2ban

TLDR - What will happen if I run this

  • install fai2ban
  • move template of fail2ban configs to host (based on jail params)
  • reload fail2ban config

Note: this configures fail2ban to add to nftables (not iptables)

Future Improvements

  • Allow non authorative zones and key directives
  • Improve sane defaults of variables (see defaults defined in defaults/main.yaml)
  • Allow TTL to be passed in records
  • Add automated KSK rollover to dnssecpls script
  • Allow duplicates of dnssecpls script with different variables from ZSK rollover etc as specified in nsd_zone_attributes
  • Only update serial when required, instead of when running role
About

role to configure fail2ban using nftables, and optionally you can pass an abuseipdb API key.

role fail2ban nftables abuseipdb
Install
ansible-galaxy install pimvh/fail2ban
GitHub repository
0 stars
0 forks
0 open issues
License
gpl-3.0
Downloads
86
Owner