nixbld: enable more fail2ban filters

2022-07-25 18:33:24 +08:00 · 2022-07-25 18:33:24 +08:00 · 66d7dd6efe
parent 93a40ea87d
commit 66d7dd6efe
1 changed files with 24 additions and 0 deletions
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@ -59,6 +59,30 @@ in
    filter = sshd
    action = iptables-allports
    '';
+  services.fail2ban.jails.nginx-botsearch =
+    ''
+    enabled = true
+    filter = nginx-botsearch
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.nginx-limit-req =
+    ''
+    enabled = true
+    filter = nginx-limit-req
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.postfix =
+    ''
+    enabled = true
+    filter = postfix
+    action = iptables-allports
+    '';
+  services.fail2ban.jails.dovecot =
+    ''
+    enabled = true
+    filter = dovecot
+    action = iptables-allports
+    '';

  networking = {
    hostName = "nixbld";