Fail2ban: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 4:

== Basic Usage ==

Enable Fail2ban [[NixOS modules|NixOS module]] with the expression:

<~~syntaxHighlight lang=nix~~>

{{file|/etc/nixos/configuration.nix|nix|

services.fail2ban.enable = true;

</~~syntaxHighlight~~>

</nowiki>

NixOS comes with a pre-configured SSH jail which will observe errors in the SSH daemon and ban offending IPs. If all you need is basic rate-limiting and only have the SSH port exposed, you don't have to setup anything else.

}}

NixOS comes with a pre-configured SSH jail which will observe errors in the [[SSH#OpenSSH Server|SSH daemon]] and ban offending IPs. If all you need is basic rate-limiting and only have the SSH port exposed, you don't have to setup anything else.

For additional configuration options, see the{{nixos:option|services.fail2ban}} module documentation.

== Advanced Usage ==

Line 83:

Line 90:

The defined filters and actions can then be used in a new jail (created as seen above):

<~~syntaxHighlight~~ lang=nix>

services.fail2ban = {

# --- snip ---

jails = {

~~ngnix~~-url-probe.settings = {

nginx-url-probe.settings = {

enabled = true;

filter = "nginx-url-probe";

Line 99:

Line 106:

};

</~~syntaxHighlight~~>

</syntaxhighlight>

For more details on how to develop Fail2ban filters please see [https://fail2ban.readthedocs.io/en/latest/filters.html the official documentation].

Line 109:

Line 116:

[[Category:Applications]]

[[Category:Server]]

[[Category:Networking]]

@@ Line 4: / Line 4: @@
 == Basic Usage ==
 Enable Fail2ban [[NixOS modules|NixOS module]] with the expression:
-<syntaxHighlight lang=nix>
+{{file|/etc/nixos/configuration.nix|nix|
+<nowiki>
    services.fail2ban.enable = true;
-</syntaxHighlight>
+</nowiki>
-NixOS comes with a pre-configured SSH jail which will observe errors in the SSH daemon and ban offending IPs. If all you need is basic rate-limiting and only have the SSH port exposed, you don't have to setup anything else.
+}}
+NixOS comes with a pre-configured SSH jail which will observe errors in the [[SSH#OpenSSH Server|SSH daemon]] and ban offending IPs. If all you need is basic rate-limiting and only have the SSH port exposed, you don't have to setup anything else.
+For additional configuration options, see the{{nixos:option|services.fail2ban}} module documentation.
 == Advanced Usage ==
@@ Line 83: / Line 90: @@
 The defined filters and actions can then be used in a new jail (created as seen above):
-<syntaxHighlight lang=nix>
+<syntaxhighlight lang="nix">
    services.fail2ban = {
      # --- snip ---
      jails = {
-       ngnix-url-probe.settings = {
+       nginx-url-probe.settings = {
          enabled = true;
          filter = "nginx-url-probe";
@@ Line 99: / Line 106: @@
      };
    };
-</syntaxHighlight>
+</syntaxhighlight>
 For more details on how to develop Fail2ban filters please see [https://fail2ban.readthedocs.io/en/latest/filters.html the official documentation].
@@ Line 109: / Line 116: @@
 [[Category:Applications]]
+[[Category:Server]]
+[[Category:Networking]]