fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined for sshd in config.services.openssh.ports
parent c3edaab52d
commit fa0a63ec13
@ -143,7 +143,7 @@ in
services.fail2ban.jails.ssh-iptables =
''
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
action = iptables-multiport[name=SSH, port="${concatMapStringsSep "," (p: toString p) config.services.openssh.ports}", protocol=tcp]
maxretry = 5
'';
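Review bot: In the new `action = iptables-multiport[...]` line, the port list is built straight from `config.services.openssh.ports` with no guard for an empty list; in that case the jail is rendered with `port=""` and the ban rule has no port to match. Consider asserting that the list is non-empty, or falling back to `port=ssh` as the removed `iptables[name=SSH, port=ssh, protocol=tcp]` line did. Style point on the same line: `(p: toString p)` is equivalent to `toString`, so `concatMapStringsSep "," toString config.services.openssh.ports` is enough. The jail keeps the name `ssh-iptables` while now using the `iptables-multiport` action, which deserves a short comment so the name is not read as the action in use.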