From 128541d506ecddec816dc16e664cef134a53a9ed Mon Sep 17 00:00:00 2001
From: KiekerJan <github@kiekerjan.isdronken.nl>
Date: Sat, 31 Jul 2021 21:36:38 +0200
Subject: [PATCH] add alternative sshd port to ssh jail

---
 setup/system.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/setup/system.sh b/setup/system.sh
index 90acf1df..40d17087 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -356,6 +356,20 @@ cat conf/fail2ban/jails.conf \
 cp -f conf/fail2ban/filter.d/* /etc/fail2ban/filter.d/
 cp -f conf/fail2ban/jail.d/* /etc/fail2ban/jail.d/
 
+# If SSH port is not default, add the not default to the ssh jail
+if [ ! -z "$SSH_PORT" ]; then
+	# create backup copy
+	cp -f /etc/fail2ban/jail.conf jail.conf.miab_old
+	
+	if [ "$SSH_PORT" != "22" ]; then
+		# Add alternative SSH port
+		sed -i "s/port[ ]\+=[ ]\+ssh$/port = ssh,$SSH_PORT/g" /etc/fail2ban/jail.conf
+	else
+		# Set SSH port to default
+		sed -i "s/port[ ]\+=[ ]\+ssh/port = ssh/g" /etc/fail2ban/jail.conf
+	fi
+fi
+
 # fail2ban should be able to look back far enough because we increased findtime of recidive jail
 tools/editconf.py /etc/fail2ban/fail2ban.conf dbpurgeage=7d