fail2ban service : improve ssh jail (#21131)

Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
This commit is contained in:
Renaud 2016-12-14 14:58:02 +01:00 committed by Robin Gloster
parent c3edaab52d
commit fa0a63ec13

View File

@ -143,7 +143,7 @@ in
services.fail2ban.jails.ssh-iptables =
''
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
action = iptables-multiport[name=SSH, port="${concatMapStringsSep "," (p: toString p) config.services.openssh.ports}", protocol=tcp]
maxretry = 5
'';