Commit 20e11bba authored by Joshua Tauberer's avatar Joshua Tauberer

fail2ban: whitelist our machine's public ip address so status checks dont...

fail2ban: whitelist our machine's public ip address so status checks dont cause bans of the machine itself
parent 5bbe9f9a
# Fail2Ban configuration file for Mail-in-a-Box # Fail2Ban configuration file for Mail-in-a-Box
[DEFAULT]
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
# ping services over the public interface so we should whitelist that address of
# ours too. The string is substituted during installation.
ignoreip = 127.0.0.1/8 PUBLIC_IP
# JAILS # JAILS
[ssh] [ssh]
......
source /etc/mailinabox.conf
source setup/functions.sh # load our functions source setup/functions.sh # load our functions
# Basic System Configuration # Basic System Configuration
...@@ -198,7 +199,9 @@ restart_service resolvconf ...@@ -198,7 +199,9 @@ restart_service resolvconf
# ### Fail2Ban Service # ### Fail2Ban Service
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh # Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix and ssh
cp conf/fail2ban/jail.local /etc/fail2ban/jail.local cat conf/fail2ban/jail.local \
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
> /etc/fail2ban/jail.local
cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf cp conf/fail2ban/dovecotimap.conf /etc/fail2ban/filter.d/dovecotimap.conf
restart_service fail2ban restart_service fail2ban
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment