fruitbasket/modules/core/fail2ban.nix

{ ... }:
{
  services.fail2ban = {
    enable = true;
    ignoreIP = [
      "141.30.0.0/16"
      "141.76.0.0/16"
    ];
    bantime-increment = {
      enable = true;
    };

    jails = {
      dovecot = ''
        enabled = true
        # aggressive mode to add blocking for aborted connections
        filter = dovecot[mode=aggressive]
        maxretry = 15
      '';
      postfix = ''
        enabled = true
        filter = postfix[mode=aggressive]
        maxretry = 15
      '';
      sshd.settings.maxretry = 15;
    };
  };
}
treewide: ran deadnix 2024-03-11 22:49:12 +01:00			`{ ... }:`
setup fail2ban block tor exit nodes 2023-10-04 18:49:12 +02:00			`{`
			`services.fail2ban = {`
			`enable = true;`
fail2ban: whitelist tu ranges 2023-10-23 11:57:01 +02:00			`ignoreIP = [`
			`"141.30.0.0/16"`
			`"141.76.0.0/16"`
			`];`
fail2ban: enable incremental bantime 2023-10-20 16:57:02 +02:00			`bantime-increment = {`
			`enable = true;`
			`};`
setup fail2ban block tor exit nodes 2023-10-04 18:49:12 +02:00
			`jails = {`
fail2ban: setup postfix and dovecot 2023-10-19 14:24:11 +02:00			`dovecot = ''`
			`enabled = true`
			`# aggressive mode to add blocking for aborted connections`
			`filter = dovecot[mode=aggressive]`
increase fail2ban limits 2024-12-05 19:16:04 +01:00			`maxretry = 15`
fail2ban: setup postfix and dovecot 2023-10-19 14:24:11 +02:00			`'';`
			`postfix = ''`
			`enabled = true`
			`filter = postfix[mode=aggressive]`
increase fail2ban limits 2024-12-05 19:16:04 +01:00			`maxretry = 15`
fail2ban: setup postfix and dovecot 2023-10-19 14:24:11 +02:00			`'';`
increase fail2ban limits 2024-12-05 19:16:04 +01:00			`sshd.settings.maxretry = 15;`
setup fail2ban block tor exit nodes 2023-10-04 18:49:12 +02:00			`};`
			`};`
			`}`