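#+++++++++++++++++++++++++++++++++++++
# PLEASE DO NOT EDIT THIS FILE ON THE HOST: IT IS DEPLOYED FROM AN ANSIBLE TEMPLATE.
# TO CHANGE OR ADD POLICIES, EDIT config-fail2ban.yaml IN GITEA REPO
# vn-ansible > linux > base-config-debian AND ADD MORE VARS.
#+++++++++++++++++++++++++++++++++++++
# Custom fail2ban conf
#+++++++++++++++++++++++++++++++++++++
# Handy durations in seconds for bantime / findtime:
#   31536000 ; 1 year (365 days)
#   18144000 ; 30 weeks (210 days) -- this value used to be labelled "30days"
#    2592000 ; 30 days
#     604800 ; 1 week
#      86400 ; 1 day
#       3600 ; 1 hour
#+++++++++++++++++++++++++++++++++++++

[INCLUDES]
#
# INCLUDES
#
# Read before this file, so everything below overrides it.
before = paths-debian.conf

#+++++++++++++++++++++++++++++++++++++
# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.
[DEFAULT]
#
# OPTIONS CONF DEFAULT
#
# ignorecommand =

# Ban timing. All three values are in seconds except maxretry (a count).
# NOTE(review): when fail2ban_times is undefined, nothing is written here and
# maxmatches below needs maxretry to come from another fail2ban config file -- confirm.
{% if fail2ban_times is defined %}
{# Only the first entry is rendered: a section can hold each option once, and
   Python's configparser in strict mode rejects a repeated bantime/findtime/maxretry,
   which would keep fail2ban from loading the file. #}
{% for time in fail2ban_times %}
{% if loop.first %}
bantime = {{ time.bantime | default('604800') }}
findtime = {{ time.findtime | default('604800') }}
maxretry = {{ time.maxretry | default('4') }}
{% endif %}
{% endfor %}
{% endif %}
maxmatches = %(maxretry)s

backend = auto
usedns = warn
logencoding = auto

# Jails are off unless a jail section turns itself on.
enabled = false
mode = normal
filter = %(__name__)s[mode=%(mode)s]

# Mail settings used by the *-whois actions below.
destemail = sysadmin@verdnatura.es
# NOTE(review): restored the stock <fq-hostname> tag after "root@"; the copy under
# review ended at the "@" -- confirm against the repo file.
sender = root@<fq-hostname>
mta = mail

protocol = tcp
# NOTE(review): restored the stock <known/chain> tag; an empty value here would be
# handed to the ban action as chain="" -- confirm against the repo file.
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s

# Ban actions: nftables back end.
banaction = nftables-multiport
banaction_allports = nftables-allports

# Action shortcuts, selected with "action = ...".
# ban only
action_ = %(banaction)s[port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban and mail a whois report to destemail
action_mw = %(action_)s
            %(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban and mail a whois report plus the matching log lines to destemail
# (the log lines leave the host by mail, so keep destemail an internal mailbox)
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]
# ban and send a X-ARF report
action_xarf = %(action_)s
              xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath="%(logpath)s", port="%(port)s"]
# ban on Cloudflare and mail whois report plus log lines.
# cfemail / cfapikey are not set in this section; the key is a credential and
# should reach the host from a protected variable, not from clear text in the repo.
action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]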
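# (continuation of [DEFAULT]: remaining action shortcuts)
# Report the offender to blocklist.de.
# blocklist_de_apikey is not set in this section; it is a credential and should
# reach the host from a protected variable, not from clear text in the repo.
action_blocklist_de = blocklist_de[email="%(sender)s", service="%(__name__)s", apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_abuseipdb = abuseipdb

# Action applied by every jail that does not set its own:
# ban, then mail a whois report with the matching log lines.
action = %(action_mwl)s

#+++++++++++++++++++++++++++++++++++++
#
# JAILS
#
# One section per entry of fail2ban_jails. Each entry must provide
# name, enabled, port (a list), filter, logpath and backend.
{% if fail2ban_jails is defined %}
{% for jail in fail2ban_jails %}
#+++++++++++++++++++++++++++++++++++++
[{{ jail.name }}]
enabled = {{ jail.enabled }}
{# Ports are joined with commas: the value is passed to the ban action as one
   port list, and a space-separated list of several ports would not be a valid
   multiport match, so the ban rule for that jail could fail to install. #}
port = {{ jail.port | join(',') }}
filter = {{ jail.filter }}
logpath = {{ jail.logpath }}
backend = {{ jail.backend }}
{% endfor %}
{% endif %}
#+++++++++++++++++++++++++++++++++++++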