forked from ritsu/ipset-fail2ban
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathipset-fail2ban.conf
41 lines (32 loc) · 1.51 KB
/
ipset-fail2ban.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# List of fail2ban jails to scan for banned IP addresses.
JAILS=(
"sshd"
"pam-generic"
"nginx-http-auth"
)
# Banned IP addresses found in jails will be written to BLACKLIST_FILE. If the
# file already exists, IPs will be read from it and included in the list of
# banned IPs being processed. Duplicate IPs will be automatically pruned.
BLACKLIST_FILE="/etc/ipset-fail2ban/ipset-fail2ban.list"
# Name of ipset blacklist to use. Set this so it does not conflict with existing
# ipset blacklists. Use "ipset list -n" to list existing ipset lists.
IPSET_BLACKLIST="blacklist_fail2ban"
# Temporary ipset blacklist used for building new blacklist.
IPSET_TMP_BLACKLIST="${IPSET_BLACKLIST}-tmp"
# Automatically generated file containing rules used to update ipset blacklist.
IPSET_RESTORE_FILE="/etc/ipset-fail2ban/ipset-fail2ban.restore"
# Remove all banned IP addresses from each jail specified in JAILS. It should be
# safe to set this to true as long as BLACKLIST_FILE is written to each time and
# saved. For jails with a large number of banned IPs, this can take a while the
# first time it is used.
CLEANUP=false
# If QUIET=true, standard messages will not be displayed, and only error
# messages will be sent to STDERR.
QUIET=true
# Increase this value and delete the existing blacklist if you get a
# "blacklist is full" error.
MAXELEM=65536
# Must be a power of 2. Increase as you increase MAXELEM to avoid clashes.
HASHSIZE=16384
# Position of iptables rule created for ipset blacklist. Default is 1.
IPTABLES_IPSET_POSITION=2