fsagbuya
/
it-infra
forked from M-Labs/it-infra
1
0
Fork 0
Code Pull Requests Activity

nixbld: enable more fail2ban filters

This commit is contained in:
Sebastien Bourdeauducq 2022-07-25 18:33:24 +08:00
parent 93a40ea87d
commit 66d7dd6efe
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nixbld-etc-nixos/configuration.nix
View File

@ -59,6 +59,30 @@ in
filter = sshd filter = sshd
action = iptables-allports action = iptables-allports
''; '';
services.fail2ban.jails.nginx-botsearch =
''
enabled = true
filter = nginx-botsearch
action = iptables-allports
'';
services.fail2ban.jails.nginx-limit-req =
''
enabled = true
filter = nginx-limit-req
action = iptables-allports
'';
services.fail2ban.jails.postfix =
''
enabled = true
filter = postfix
action = iptables-allports
'';
services.fail2ban.jails.dovecot =
''
enabled = true
filter = dovecot
action = iptables-allports
'';
networking = { networking = {
hostName = "nixbld"; hostName = "nixbld";