Add infos about Fail2ban integration

2021-07-30 11:04:37 +02:00 · 2021-07-30 11:04:37 +02:00 · abdc15191b
parent ac61739f91
commit abdc15191b
1 changed files with 10 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@
     * [With playbooks](#with-playbooks)
     * [With group_vars and host_vars](#with-group_vars-and-host_vars)
 1. [Configuration](#configuration)
+     * [Fail2ban integration](#fail2ban-integration)
 1. [Development](#development)
 1. [License](#license)
 1. [Author Information](#author-information)
@ -569,6 +570,15 @@ This role will :
 * Reload `nftables` service at next runs to avoid to let the host without firewall
  rules due to invalid syntax.

+### Fail2ban integration
+
+Before Debian Bullseye, systemd unit for Fail2ban doesn't come with a decent
+integration with Nftables.
+So this role will create override file for `fail2ban` unit, even if it's not
+(yet) available on the host, in order to :
+* Start `fail2ban` unit after `nftables`.
+* Restart `fail2ban` unit when `nftables` unit restart.
+
 ## Development

 This source code comes from our [Gitea instance][nftables source] and the