From 176166a0193f7033c983d94e6d3819e26424860c Mon Sep 17 00:00:00 2001 From: David Galloway Date: Thu, 15 Nov 2018 10:38:52 -0500 Subject: [PATCH] public_facing: Support overriding fail2ban bantime per service Signed-off-by: David Galloway --- roles/public_facing/README.rst | 1 + roles/public_facing/templates/f2b.service.j2 | 3 +++ 2 files changed, 4 insertions(+) diff --git a/roles/public_facing/README.rst b/roles/public_facing/README.rst index b5a29ade..186bfc9f 100644 --- a/roles/public_facing/README.rst +++ b/roles/public_facing/README.rst @@ -46,6 +46,7 @@ Defined in ``roles/public_facing/defaults/main.yml`` Override these in the ansi maxretry: 3 filter: "sshd-ddos" logpath: "{{ sshd_logpath }}" + bantime: -1 # optionally set in host_vars # Note: sshd_logpath gets defined automatically in roles/public_facing/tasks/fail2ban.yml diff --git a/roles/public_facing/templates/f2b.service.j2 b/roles/public_facing/templates/f2b.service.j2 index 9d176d29..b0c09c8e 100644 --- a/roles/public_facing/templates/f2b.service.j2 +++ b/roles/public_facing/templates/f2b.service.j2 @@ -18,3 +18,6 @@ logpath = {{ item.value.logpath }} {% if item.value.filter is defined %} filter = {{ item.value.filter }} {% endif %} +{% if item.value.bantime is defined %} +bantime = {{ item.value.bantime }} +{% endif %} -- 2.47.3
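Review bot: The new `bantime` block in f2b.service.j2 is guarded only by `is defined`, so a key that is present but empty in host_vars (`bantime:` with no value) would still render a `bantime =` line with an empty or `None` value into the jail file. fail2ban will probably refuse such a value when it loads the jail, and on a public-facing host that could leave the service without a working ban until someone notices. Tightening the guard to `{% if item.value.bantime is defined and item.value.bantime is not none %}` avoids this; the existing `filter` block just above uses the same bare `is defined` test and has the same gap. Because the README example uses `-1`, a template comment such as `{# seconds; a negative value bans permanently #}` would make that choice explicit to whoever next edits host_vars.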