]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/fail2ban/templates/default/jail.default.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add support for using an nftables based firewall
[chef.git] / cookbooks / fail2ban / templates / default / jail.default.erb
diff --git a/cookbooks/fail2ban/templates/default/jail.default.erb b/cookbooks/fail2ban/templates/default/jail.default.erb
index fc0f8bdc8befe9ab92434d1d131adb2d3e48ae10..890e351178fb654bbed0dab2c49e64f16520b27a 100644 (file)
--- a/cookbooks/fail2ban/templates/default/jail.default.erb
+++ b/cookbooks/fail2ban/templates/default/jail.default.erb
@@ -2,5 +2,10 @@
 
 [DEFAULT]
 destemail = admins@openstreetmap.org
+<%- if node[:networking][:firewall][:engine] == "shorewall" %>
 banaction = shorewall
+<%- elsif node[:networking][:firewall][:engine] == "nftables" %>
+banaction = nftables[type=multiport]
+banaction_allports = nftables[type=allports]
+<%- end %>
 bantime = 14400
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.