| author | Solene Rapenne <solene.rapenne@tweag.io> | 2022-10-02 12:59:54 +0200 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2022-10-02 15:15:17 +0000 |
| commit | 52a85302d7396c2c6e9c5f46607967ad390ad0c8 (patch) | |
| tree | e18de59fdfb61aa3e925f6fc1a5791e8c1cd70b2 | |
| parent | Merge pull request #193433 from NixOS/backport-193380-to-release-22.05 (diff) | |
| download | nixpkgs-origin/backport-194052-to-release-22.05.tar.gz | |
nixos/fail2ban: improve module documentationorigin/backport-194052-to-release-22.05
(cherry picked from commit 605a588ea6d952227fe6554011add1650bfe8eb7)
| -rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
index 67e1026dcef4..0479cf056c29 100644
--- a/nixos/modules/services/security/fail2ban.nix
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -91,8 +91,9 @@ in
 example = "nftables-multiport";
 description = ''
 Default banning action (e.g. iptables, iptables-new, iptables-multiport,
- shorewall, etc) It is used to define action_* variables. Can be overridden
- globally or per section within jail.local file
+ iptables-ipset-proto6-allports, shorewall, etc) It is used to
+ define action_* variables. Can be overridden globally or per
+ section within jail.local file
 '';
 };
 
@@ -212,10 +213,18 @@ in
 filter = apache-nohome
 action = iptables-multiport[name=HTTP, port="http,https"]
 logpath = /var/log/httpd/error_log*
+ backend = auto
 findtime = 600
 bantime = 600
 maxretry = 5
 ''';
+ dovecot = '''
+ # block IPs which failed to log-in
+ # aggressive mode add blocking for aborted connections
+ enabled = true
+ filter = dovecot[mode=aggressive]
+ maxretry = 3
+ ''';
 }
 '';
 type = types.attrsOf types.lines; |
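Review bot: The new dovecot example in the second hunk pairs `filter = dovecot[mode=aggressive]` with `maxretry = 3`, but its comment does not mention the false-positive cost. By the comment's own description aborted connections count towards the ban, so a client on an unstable link, or several users behind one NAT address, could plausibly be locked out after three dropped sessions. I would reword the comment to `# ban IPs that fail to log in; aggressive mode also counts aborted connections, so list trusted networks in ignoreIP`, assuming the module's `ignoreIP` option is the intended allow-list, which this hunk does not show. The `backend = auto` line added to the apache-nohome example would also benefit from a one-line reason such as `# read logpath directly instead of the module's default backend`, hedged the same way because the default is set outside the hunk. The option declaration these examples belong to starts and ends outside the hunk.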
