Fail2ban: Difference between revisions
imported>Occhioverde Added instructions on how to create new actions and filters; added "See also" section |
imported>Writer Reduce redundant descriptions and add new information. |
Line 4: | Line 4: | ||
The Fail2ban [[NixOS modules|NixOS module]] can be found under <source lang="nix" enclose="none">services.fail2ban</source>; from now on (unless differently specified), all options described are prefixed with this namespace. | The Fail2ban [[NixOS modules|NixOS module]] can be found under <source lang="nix" enclose="none">services.fail2ban</source>; from now on (unless differently specified), all options described are prefixed with this namespace. | ||
The service can be enabled | The service can be enabled with the expression: | ||
<syntaxHighlight lang=nix> | <syntaxHighlight lang=nix> | ||
services.fail2ban.enable = true; | services.fail2ban.enable = true; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
This will also enable a jail for sshd, which comes with NixOS. | |||
=== Configuration === | === Configuration === | ||
The Fail2ban NixOS module exposes different parameters | |||
The Fail2ban NixOS module exposes different parameters for adjusting the configuration: | |||
* The <source lang="nix" enclose="none">maxretry</source> option allows you to specify how many failures are required for an IP address to be blocked. | * The <source lang="nix" enclose="none">maxretry</source> option allows you to specify how many failures are required for an IP address to be blocked. | ||
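Review bot: In the sentence added after the enable example, "This will also enable a jail for sshd, which comes with NixOS", the clause "which comes with NixOS" can refer to either the jail or sshd. Reword it so the subject is explicit, and say whether the jail is active when `enable = true` is the only option set, since readers will use this line to decide whether SSH is covered without further configuration. The shorter "The Fail2ban NixOS module exposes different parameters" line also appears next to the new "... for adjusting the configuration:" wording; confirm only one of them remains in the saved revision.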
Line 54: | Line 56: | ||
}; | }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
These settings are written to <code>/etc/fail2ban/jail.local</code>, where fail2ban will use them. | |||
== Extending Fail2ban == | == Extending Fail2ban == |
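Review bot: The added sentence "These settings are written to <code>/etc/fail2ban/jail.local</code>, where fail2ban will use them" names the file but does not say whether the reader may edit it directly or should make changes through the module options shown above it. State which is intended, and capitalize "Fail2ban" to match the rest of the page, for example the "== Extending Fail2ban ==" heading that follows.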