templates/jail.local.erb (48 lines of code) (raw):

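# This file is managed by Puppet. DO NOT EDIT.
<%# Renders fail2ban's jail.local from the fail2ban:: class parameters. -%>
<%# Each jail is switched on only if its short name is in fail2ban::array_jails. -%>
<%# When fail2ban::mailto is non-empty, each jail also gets a sendmail-whois action. -%>
<%# NOTE(review): mailto and @fqdn are interpolated unescaped into the action -%>
<%# argument list; a value containing ',' or ']' would corrupt the action -%>
<%# definition. Presumably the manifest validates them; confirm. -%>
<% jails = scope.lookupvar('fail2ban::array_jails') -%>
<% mailto = scope.lookupvar('fail2ban::mailto') -%>

[DEFAULT]
<%# ignoreip must be an array: Array#* with a string joins it with spaces. -%>
<%# Addresses listed here are never banned by any jail. -%>
ignoreip = <%= scope.lookupvar('fail2ban::ignoreip') * ' ' %>
bantime = <%= scope.lookupvar('fail2ban::bantime') %>
findtime = <%= scope.lookupvar('fail2ban::findtime') %>
maxretry = <%= scope.lookupvar('fail2ban::maxretry') %>
backend = <%= scope.lookupvar('fail2ban::backend') %>

<%# Every jail below sets maxretry = 5, which overrides the [DEFAULT] value, -%>
<%# so fail2ban::maxretry has no effect on these four jails. -%>
<%# The iptables action bans only the single named port; the TLS variants -%>
<%# (imaps, pop3s) are not covered. NOTE(review): confirm that is intended. -%>
<%# Continuation lines of a multi-line action must stay indented. -%>
[imap-iptables]
enabled = <%= jails.include?('imap') %>
filter = dovecot
action = iptables[name=IMAP, port=imap, protocol=tcp]
<% unless mailto.empty? -%>
         sendmail-whois[name=IMAP, dest=<%= mailto %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath = /var/log/maillog
maxretry = 5

<%# NOTE(review): this jail uses a filter named "mail" while the IMAP jail uses -%>
<%# "dovecot"; confirm a mail.conf filter is deployed, or the jail cannot start. -%>
[pop3-iptables]
enabled = <%= jails.include?('pop3') %>
filter = mail
action = iptables[name=POP3, port=pop3, protocol=tcp]
<% unless mailto.empty? -%>
         sendmail-whois[name=POP3, dest=<%= mailto %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath = /var/log/maillog
maxretry = 5

<%# sshd authentication failures go to auth.log on Debian and Ubuntu and to -%>
<%# /var/log/secure elsewhere; a wrong logpath leaves the jail watching nothing. -%>
[ssh-iptables]
enabled = <%= jails.include?('ssh') %>
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
<% unless mailto.empty? -%>
         sendmail-whois[name=SSH, dest=<%= mailto %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
<% if %w[Debian Ubuntu].include?(@operatingsystem) -%>
logpath = /var/log/auth.log
<% else -%>
logpath = /var/log/secure
<% end -%>
maxretry = 5

<%# bantime here overrides the [DEFAULT] bantime for this jail only. -%>
[vsftpd-iptables]
enabled = <%= jails.include?('vsftpd') %>
filter = vsftpd
action = iptables[name=VSFTPD, port=ftp, protocol=tcp]
<% unless mailto.empty? -%>
         sendmail-whois[name=VSFTPD, dest=<%= mailto %>, sender=fail2ban@<%= @fqdn %>]
<% end -%>
logpath = /var/log/vsftpd.log
maxretry = 5
bantime = 1800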