mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-24 07:37:04 +00:00
avoid a runaway /64 in jail.conf
This commit is contained in:
parent
ac24421cc3
commit
be899f2b9e
@ -5,7 +5,7 @@
|
|||||||
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
# Whitelist our own IP addresses. 127.0.0.1/8 is the default. But our status checks
|
||||||
# ping services over the public interface so we should whitelist that address of
|
# ping services over the public interface so we should whitelist that address of
|
||||||
# ours too. The string is substituted during installation.
|
# ours too. The string is substituted during installation.
|
||||||
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6/64
|
ignoreip = 127.0.0.1/8 ::1/128 PUBLIC_IP PUBLIC_IPV6/64 ADMIN_HOME_IP ADMIN_HOME_IPV6
|
||||||
bantime = 15m
|
bantime = 15m
|
||||||
findtime = 120m
|
findtime = 120m
|
||||||
maxretry = 4
|
maxretry = 4
|
||||||
|
@ -346,10 +346,17 @@ systemctl restart systemd-resolved
|
|||||||
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
|
# Configure the Fail2Ban installation to prevent dumb bruce-force attacks against dovecot, postfix, ssh, etc.
|
||||||
rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
|
rm -f /etc/fail2ban/jail.local # we used to use this file but don't anymore
|
||||||
rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
|
rm -f /etc/fail2ban/jail.d/defaults-debian.conf # removes default config so we can manage all of fail2ban rules in one config
|
||||||
|
|
||||||
|
if [ ! -z "$ADMIN_HOME_IPV6" ]; then
|
||||||
|
ADMIN_HOME_IPV6_FB="${ADMIN_HOME_IPV6}/64"
|
||||||
|
else
|
||||||
|
ADMIN_HOME_IPV6_FB=""
|
||||||
|
fi
|
||||||
|
|
||||||
cat conf/fail2ban/jails.conf \
|
cat conf/fail2ban/jails.conf \
|
||||||
| sed "s/PUBLIC_IPV6/$PUBLIC_IPV6/g" \
|
| sed "s/PUBLIC_IPV6/$PUBLIC_IPV6/g" \
|
||||||
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
| sed "s/PUBLIC_IP/$PUBLIC_IP/g" \
|
||||||
| sed "s/ADMIN_HOME_IPV6/$ADMIN_HOME_IPV6/g" \
|
| sed "s/ADMIN_HOME_IPV6/$ADMIN_HOME_IPV6_FB/g" \
|
||||||
| sed "s/ADMIN_HOME_IP/$ADMIN_HOME_IP/g" \
|
| sed "s/ADMIN_HOME_IP/$ADMIN_HOME_IP/g" \
|
||||||
| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
|
| sed "s#STORAGE_ROOT#$STORAGE_ROOT#" \
|
||||||
> /etc/fail2ban/jail.d/00-mailinabox.conf
|
> /etc/fail2ban/jail.d/00-mailinabox.conf
|
||||||
|
Loading…
Reference in New Issue
Block a user