fix(pillar.example): declare ignoreip (whitelist) in jail section (ng)

saltstack-formulas · Jan 10, 2020 · 00661cb · 00661cb
1 parent d41fe3f
commit 00661cb
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/pillar.example b/pillar.example
@@ -8,7 +8,6 @@ fail2ban:
   lookup:
     config:
       loglevel: ERROR
-      ignoreip: 127.0.0.1/8
       bantime: 600
       maxretry: 3
       backend: auto
@@ -19,21 +18,24 @@ fail2ban:
         filter: sshd
         logpath: /var/log/auth.log
         maxretry: 6
-        port: ssh
+        port: ssh	
+        ignoreip: 127.0.0.1/8
       ssh_ddos:
         action: iptables[name=SSH, port=ssh, protocol=tcp]
         enabled: 'true'
         filter: sshd-ddos
         logpath: /var/log/auth.log
         maxretry: 6
         port: ssh
+        ignoreip: 127.0.0.1/8
       nginx-noscript:
         action: iptables-multiport[name=NoScript, port="http,https"]
         enabled: 'true'
         filter: nginx-noscript
         logpath: /var/log/nginx*/*access*.log
         maxretry: 6
         port: http,https
+        ignoreip: 127.0.0.1/8
     filters:
       nginx-noscript:
         Definition:
@@ -74,13 +76,15 @@ fail2ban:
         logpath: /var/log/auth.log
         maxretry: 6
         port: ssh
+        ignoreip: 127.0.0.1/8
       ssh_ddos:
         action: iptables[name=SSH, port=ssh, protocol=tcp]
         enabled: 'true'
         filter: sshd-ddos
         logpath: /var/log/auth.log
         maxretry: 6
         port: ssh
+        ignoreip: 127.0.0.1/8
 
     # action.d
     actions: