26 lines
668 B
Nix
26 lines
668 B
Nix
{ config, pkgs, ... }: {
|
|
services.fail2ban = {
|
|
enable = true;
|
|
package = pkgs.fail2ban;
|
|
packageFirewall = pkgs.nftables;
|
|
banaction = "nftables-multiport";
|
|
banaction-allports = "nftables-allport";
|
|
bantime-increment.enable = true;
|
|
# ignoreIP = [ "10.0.0.0/24" "10.3.0.0/24" ];
|
|
daemonConfig = ''
|
|
[Definition]
|
|
loglevel = INFO
|
|
logtarget = SYSLOG
|
|
socket = /run/fail2ban/fail2ban.sock
|
|
pidfile = /run/fail2ban/fail2ban.pid
|
|
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
|
|
'';
|
|
jails = {
|
|
sshd = ''
|
|
maxretry = 3
|
|
mode = aggressive
|
|
'';
|
|
};
|
|
};
|
|
}
|