ssme-thesis/attachments/ansible/roles/ansible-sw-sshsec/templates/jail.local.j2

# Fail2Ban configuration file.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = {{ fail2ban_config_ignoreip }}
bantime  = {{ fail2ban_config_bantime }}
maxretry = {{ fail2ban_config_maxretry }}
findtime  = 6000
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = {{ fail2ban_config_destemail }}
mta = sendmail
ignoreip = 81.200.53.35,192.168.0.0/16

#
# JAILS
#

[ssh]

enabled  = {{ fail2ban_config_jail_ssh_enabled }}
port     = ssh
filter   = sshd
logpath  = /var/log/secure
banaction = firewallcmd-ipset

[ssh-ddos]

enabled  = {{ fail2ban_config_jail_sshddos_enabled }}
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/secure
banaction = firewallcmd-ipset