public_facing: Support overriding fail2ban bantime per service

author David Galloway <dgallowa@redhat.com>

Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)

committer David Galloway <dgallowa@redhat.com>

Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)
author David Galloway <dgallowa@redhat.com>
Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)
committer David Galloway <dgallowa@redhat.com>
Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)
diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst

index b5a29adeafd69109120563fdc10dc3d85fb54181..186bfc9fade24fe68cb546b60752a22bda1e21b9 100644 (file)
--- a/roles/public_facing/README.rst
+++ b/roles/public_facing/README.rst
@@ -46,6 +46,7 @@ Defined in ``roles/public_facing/defaults/main.yml``  Override these in the ansi
          maxretry: 3
          filter: "sshd-ddos"
          logpath: "{{ sshd_logpath }}"
+        bantime: -1 # optionally set in host_vars
  
      # Note: sshd_logpath gets defined automatically in roles/public_facing/tasks/fail2ban.yml
  
diff --git a/roles/public_facing/templates/f2b.service.j2 b/roles/public_facing/templates/f2b.service.j2

index 9d176d29f9e3cba1668c39b8abaf5d0892c69456..b0c09c8e67b8d348f1e251c78eabd983260ae355 100644 (file)
--- a/roles/public_facing/templates/f2b.service.j2
+++ b/roles/public_facing/templates/f2b.service.j2
@@ -18,3 +18,6 @@ logpath = {{ item.value.logpath }}
  {% if item.value.filter is defined %}
  filter = {{ item.value.filter }}
  {% endif %}
+{% if item.value.bantime is defined %}
+bantime = {{ item.value.bantime }}
+{% endif %}
author	David Galloway <dgallowa@redhat.com>
	Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)
committer	David Galloway <dgallowa@redhat.com>
	Thu, 15 Nov 2018 15:38:52 +0000 (10:38 -0500)
roles/public_facing/README.rst		patch \| blob \| history
roles/public_facing/templates/f2b.service.j2		patch \| blob \| history