modules/system/networking/firewall/fail2ban.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

{ pkgs, lib, ... }:
{
  services.fail2ban = {
    enable = false;
    banaction = "nftables-multiport";
    banaction-allports = lib.mkDefault "nftables-allport";

    extraPackages = with pkgs; [
      nftables
      ipset
    ];

    ignoreIP = [
      "10.0.0.0/8"
      "172.16.0.0/12"
      "100.64.0.0/16"
      "192.168.0.0/16"
    ];
  };
}