Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Anonymous contrib] How to set an IP adress in Fail2ban whitelist #1014

Open
wants to merge 1 commit into
base: master
from

Conversation

@yunohost-bot
Copy link
Contributor

commented Jun 27, 2019

No description provided.

@Gofannon

This comment has been minimized.

Copy link
Contributor

commented Jun 30, 2019

Instead of copying the whole jail.conf to jail.local, I believe that it should be better to:

  1. use the minimum code configuration (see below) to whitelist IP.
    1. This way, there will be no breaking on further fail2ban updates
  2. Decide a file name dedicated to user configuration?
    1. It could be managed by YunoHost later (by CLI or GUI)
    2. I choose yunohost-customs-whitelist.conf as there is already a file yunohost-jails.conf
    3. Filename could be more specific
root@yunohost:~# cat /etc/fail2ban/jail.d/yunohost-customs-whitelist.conf 
[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 XXX.XXX.XXX.XXX
root@yunohost:~# 
root@yunohost:~# ls -1 /etc/fail2ban/jail.d/
defaults-debian.conf
kanboard.conf
nextcloud.conf
rainloop.conf
wallabag2.conf
yunohost-customs-whitelist.conf
yunohost-jails.conf
root@yunohost:~# 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.