sapphic.moe / flake
❄️ Dotfiles for our NixOS system configuration.
fork atom

chore(services:fail2ban): test changes(???)

Chloe 17bb840f dd2f9409

options
unified split
Changed files
+3 -3
services
fail2ban
default.nix
+3 -3
services/fail2ban/default.nix 
···

       
49

       
49

       
 

       
        maxretry = 5;


     

       
50

       
50

       
 

       
        findtime = "3600";


     

       
51

       
51

       
 

       
        bantime = "86400";


     

       
52

       

       
-

       
        action = "iptables-multiport[name=SSH, port='ssh']\nabuseipdb-agenix[abuseipdb_category='18,22']";


     

       

       
52

       
+

       
        action = "iptables-multiport[name=SSH, port='ssh'] abuseipdb-agenix[abuseipdb_category='18,22']";


     

       
53

       
53

       
 

       
      };


     

       
54

       
54

       
 

       



     

       
55

       
55

       
 

       
      # Caddy HTTP/HTTPS protection - monitor for repeated 4xx/5xx errors


     
···

       
62

       
62

       
 

       
        maxretry = 10;


     

       
63

       
63

       
 

       
        findtime = "600";


     

       
64

       
64

       
 

       
        bantime = "3600";


     

       
65

       

       
-

       
        action = "iptables-multiport[name=Caddy, port='http,https']\nabuseipdb-agenix[abuseipdb_category='21']";


     

       

       
65

       
+

       
        action = "iptables-multiport[name=Caddy, port='http,https'] abuseipdb-agenix[abuseipdb_category='21']";


     

       
66

       
66

       
 

       
      };


     

       
67

       
67

       
 

       



     

       
68

       
68

       
 

       
      # Rate-based protection - ban on excessive requests


     
···

       
75

       
75

       
 

       
        maxretry = 50;


     

       
76

       
76

       
 

       
        findtime = "60";


     

       
77

       
77

       
 

       
        bantime = "1800";


     

       
78

       

       
-

       
        action = "iptables-multiport[name=Caddy-RateLimit, port='http,https']\nabuseipdb-agenix[abuseipdb_category='21']";


     

       

       
78

       
+

       
        action = "iptables-multiport[name=Caddy-RateLimit, port='http,https'] abuseipdb-agenix[abuseipdb_category='21']";


     

       
79

       
79

       
 

       
      };


     

       
80

       
80

       
 

       
    };


     

       
81

       
81

       
 

       
  };