From abdc15191b279af32cc086d1af3764c1a180cefb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gardais=20J=C3=A9r=C3=A9my?= Date: Fri, 30 Jul 2021 11:04:37 +0200 Subject: [PATCH] Add infos about Fail2ban integration --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 71b5e4e..454af6a 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ * [With playbooks](#with-playbooks) * [With group_vars and host_vars](#with-group_vars-and-host_vars) 1. [Configuration](#configuration) + * [Fail2ban integration](#fail2ban-integration) 1. [Development](#development) 1. [License](#license) 1. [Author Information](#author-information) @@ -569,6 +570,15 @@ This role will : * Reload `nftables` service at next runs to avoid to let the host without firewall rules due to invalid syntax. +### Fail2ban integration + +Before Debian Bullseye, systemd unit for Fail2ban doesn't come with a decent +integration with Nftables. +So this role will create override file for `fail2ban` unit, even if it's not +(yet) available on the host, in order to : +* Start `fail2ban` unit after `nftables`. +* Restart `fail2ban` unit when `nftables` unit restart. + ## Development This source code comes from our [Gitea instance][nftables source] and the
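Review bot: the new "Fail2ban integration" section (second hunk, README.md around line 570) says the role "will create override file for `fail2ban` unit, even if it's not (yet) available on the host", but it does not give the path of that override file, what it sets, or whether the behaviour can be turned off. Someone auditing a host needs those three things to recognise the drop-in and to check it after a role run. I would add the file path and its content to the section, and state explicitly whether a variable controls it or that it is unconditional. It would also help to say in one sentence what goes wrong when `fail2ban` is not ordered after `nftables`, so readers can tell why the restart coupling matters. Wording: "Before Debian Bullseye" reads more clearly as "On Debian releases older than Bullseye", and "when `nftables` unit restart" should be "restarts". Some Markdown renderers also need a blank line between "in order to :" and the first bullet for the list to render.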