[DEFAULT] ignoreip = 127.0.0.1 {{ ansible_default_ipv4.address }} {{ ' '.join(friendly_networks) }} bantime = 86400 destemail = {{ admin_email }} banaction = iptables-multiport action = %(action_)s # JAILS [sshd] enabled = true maxretry = 3 [pam-generic] enabled = true banaction = iptables-allports [sshd-ddos] enabled = true [apache-auth] enabled = true [apache-badbots] enabled = true [apache-botsearch] enabled = true [apache-common] enabled = true [apache-fakegooglebot] enabled = true [apache-modsecurity] enabled = true [apache-nohome] enabled = true [apache-noscript] enabled = true [apache-overflows] enabled = true [apache-pass] enabled = true [apache-shellshock] enabled = true [postfix] enabled = true maxretry = 1 [dovecot-pop3imap] enabled = true filter = dovecot-pop3imap action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap,993,995", protocol=tcp] logpath = /var/log/mail.log maxretry = 20 findtime = 1200 bantime = 1200 [gitea] enabled = true port = http,https filter = gitea logpath = /data/gitea/log/gitea.log maxretry = 10 findtime = 3600 bantime = 900 action = iptables-allports