diff options
Diffstat (limited to 'modules/system/networking/fail2ban.nix')
| -rw-r--r-- | modules/system/networking/fail2ban.nix | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/modules/system/networking/fail2ban.nix b/modules/system/networking/fail2ban.nix index fa45565..6311b14 100644 --- a/modules/system/networking/fail2ban.nix +++ b/modules/system/networking/fail2ban.nix @@ -1,18 +1,20 @@ -{ lib, config, ... }: +{ pkgs, lib, ... }: { services.fail2ban = { enable = false; + banaction = "nftables-multiport"; + banaction-allports = lib.mkDefault "nftables-allport"; + + extraPackages = with pkgs; [ + nftables + ipset + ]; ignoreIP = [ "10.0.0.0/8" "172.16.0.0/12" + "100.64.0.0/16" "192.168.0.0/16" ]; - - jails.sshd.settings = { - enabled = true; - filter = "sshd[mode=aggressive]"; - port = lib.strings.concatStringsSep "," (map toString config.services.openssh.ports); - }; }; } |