public_facing: Support multiline regex fail2ban filters

Signed-off-by: David Galloway <dgallowa@redhat.com>

diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst
index 1edf7eda2b93ad8ba09e82bc7b8ca30a4d0ed2d8..b5a29adeafd69109120563fdc10dc3d85fb54181 100644 (file)
--- a/roles/public_facing/README.rst
+++ b/roles/public_facing/README.rst
@@ -60,11 +60,14 @@ If required, define these in your ansible inventory ``host_vars`` file.
       - "80"
       - "443"
 
-``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use.  For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal.  See filter example::
+``f2b_filters: {}`` is a dictionary of additional filters fail2ban should use.  For example, our status portal running Cachet has an additional fail2ban service monitoring repeated login attempts to the admin portal.  ``maxlines`` is an optional variable.  See filter example::
 
     f2b_filters:
       apache-cachet:
-      failregex: "<HOST> .*GET /auth/login.*$"
+        failregex: "<HOST> .*GET /auth/login.*$"
+      example-filter:
+        failregex: "<HOST> .*foo$"
+        maxlines: 3
 
 Common Tasks
 ++++++++++++

diff --git a/roles/public_facing/templates/f2b.filter.j2 b/roles/public_facing/templates/f2b.filter.j2
index 4cc8df0686daa3c895a909bc2196351400079613..86db2b7849fd1d423ba8adfadc606cb69eb3a7e8 100644 (file)
--- a/roles/public_facing/templates/f2b.filter.j2
+++ b/roles/public_facing/templates/f2b.filter.j2
@@ -3,3 +3,8 @@
 #
 [Definition]
 failregex = {{ item.value.failregex }}
+
+{% if item.value.maxlines is defined %}
+[Init]
+maxlines = {{ item.value.maxlines }}
+{% endif %}