nixos-config/hosts/falkenstein/modules/fail2ban/default.nix

{ lib, ... }:
{
  services.fail2ban = {
    enable = true;
    ignoreIP = [
      "141.30.0.0/16"
      "141.76.0.0/16"
    ];
    bantime = "10m";
    bantime-increment = {
      enable = true;
    };
    jails = {
      sshd = lib.mkForce ''
        enabled = true
        port = ssh
        filter= sshd[mode=aggressive]
      '';
      dovecot = ''
        enabled = true
        # aggressive mode add blocking for aborted connections
        filter = dovecot[mode=aggressive]
        maxretry = 3
      '';
      postfix = ''
        enabled = true
        filter = postfix[mode=aggressive]
        maxretry = 3
      '';
    };
  };
}
networking and security updates 2023-11-25 23:22:16 +01:00			`{ lib, ... }:`
wireguard and fail2ban 2023-10-22 15:45:30 +02:00			`{`
			`services.fail2ban = {`
			`enable = true;`
networking updates 2023-12-12 17:44:28 +01:00			`ignoreIP = [`
			`"141.30.0.0/16"`
			`"141.76.0.0/16"`
			`];`
wireguard and fail2ban 2023-10-22 15:45:30 +02:00			`bantime = "10m";`
			`bantime-increment = {`
			`enable = true;`
			`};`
			`jails = {`
networking and security updates 2023-11-25 23:22:16 +01:00			`sshd = lib.mkForce ''`
			`enabled = true`
			`port = ssh`
			`filter= sshd[mode=aggressive]`
			`'';`
wireguard and fail2ban 2023-10-22 15:45:30 +02:00			`dovecot = ''`
			`enabled = true`
			`# aggressive mode add blocking for aborted connections`
			`filter = dovecot[mode=aggressive]`
			`maxretry = 3`
			`'';`
			`postfix = ''`
			`enabled = true`
			`filter = postfix[mode=aggressive]`
			`maxretry = 3`
			`'';`
			`};`
			`};`
			`}`