external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-03 00:07:05 +00:00
Code Issues Releases Wiki Activity

improve handling of unconfigured ipv6

Browse Source
This commit is contained in:
KiekerJan 2023-03-10 21:30:20 +01:00
parent 2d9aa20b36
commit 4e4055b956
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/fail2ban/jails.conf
View File

@ -5,7 +5,7 @@
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks # Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
# ping services over the public interface so we should whitelist that address of # ping services over the public interface so we should whitelist that address of
# ours too. The string is substituted during installation. # ours too. The string is substituted during installation.
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6 ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6 ADMIN_HOME_IP ADMIN_HOME_IPV6
bantime = 15m bantime = 15m
findtime = 120m findtime = 120m
maxretry = 4 maxretry = 4

11
setup/system.sh
View File

@ -374,14 +374,21 @@ systemctl restart systemd-resolved
rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
# Take into account ipv6 might not be used
if [ ! -z "$PUBLIC_IPV6" ]; then
PUBLIC_IPV6_FB="${PUBLIC_IPV6}/64"
else
PUBLIC_IPV6_FB=""
fi
if [ ! -z "$ADMIN_HOME_IPV6" ]; then if [ ! -z "$ADMIN_HOME_IPV6" ]; then
ADMIN_HOME_IPV6_FB="${ADMIN_HOME_IPV6}/64" ADMIN_HOME_IPV6_FB="${ADMIN_HOME_IPV6}/64"
else else
ADMIN_HOME_IPV6_FB="" ADMIN_HOME_IPV6_FB=""
fi fi
cat conf/fail2ban/jails.conf \ cat conf/fail2ban/jails.conf \
| sed "s/PUBLIC_IPV6/$PUBLIC_IPV6/g" \ | sed "s/PUBLIC_IPV6/$PUBLIC_IPV6_FB/g" \
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \ | sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
| sed "s/ADMIN_HOME_IPV6/$ADMIN_HOME_IPV6_FB/g" \ | sed "s/ADMIN_HOME_IPV6/$ADMIN_HOME_IPV6_FB/g" \
| sed "s/ADMIN_HOME_IP/$ADMIN_HOME_IP/g" \ | sed "s/ADMIN_HOME_IP/$ADMIN_HOME_IP/g" \