modules/core/networking/firewall/fail2ban.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

{
  config,
  pkgs,
  ...
}:
{
  services.fail2ban = {
    enable = config.modules.networking.fail2ban.enable;

    extraPackages = with pkgs; [
      nftables
      ipset
    ];

    ignoreIP = [
      "10.0.0.0/8"
      "172.16.0.0/12"
      "100.64.0.0/16"
      "192.168.0.0/16"
    ];
  };
}