Add infos about Fail2ban integration
This commit is contained in:
parent
ac61739f91
commit
abdc15191b
GPG Key ID:
E759BAA22501AF32
10
README.md
10
README.md
|
|
@ -8,6 +8,7 @@
|
||||||
* [With playbooks](#with-playbooks)
|
* [With playbooks](#with-playbooks)
|
||||||
* [With group_vars and host_vars](#with-group_vars-and-host_vars)
|
* [With group_vars and host_vars](#with-group_vars-and-host_vars)
|
||||||
1. [Configuration](#configuration)
|
1. [Configuration](#configuration)
|
||||||
|
* [Fail2ban integration](#fail2ban-integration)
|
||||||
1. [Development](#development)
|
1. [Development](#development)
|
||||||
1. [License](#license)
|
1. [License](#license)
|
||||||
1. [Author Information](#author-information)
|
1. [Author Information](#author-information)
|
||||||
|
|
@ -569,6 +570,15 @@ This role will :
|
||||||
* Reload `nftables` service at next runs to avoid to let the host without firewall
|
* Reload `nftables` service at next runs to avoid to let the host without firewall
|
||||||
rules due to invalid syntax.
|
rules due to invalid syntax.
|
||||||
|
|
||||||
|
### Fail2ban integration
|
||||||
|
|
||||||
|
Before Debian Bullseye, systemd unit for Fail2ban doesn't come with a decent
|
||||||
|
integration with Nftables.
|
||||||
|
So this role will create override file for `fail2ban` unit, even if it's not
|
||||||
|
(yet) available on the host, in order to :
|
||||||
|
* Start `fail2ban` unit after `nftables`.
|
||||||
|
* Restart `fail2ban` unit when `nftables` unit restart.
|
||||||
|
|
||||||
## Development
|
## Development
|
||||||
|
|
||||||
This source code comes from our [Gitea instance][nftables source] and the
|
This source code comes from our [Gitea instance][nftables source] and the
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue