bootstrap/base-files/fail2ban/jail.local

[DEFAULT]

#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8 212.78.94.73 216.119.155.57 216.119.155.58 216.119.155.59 216.119.155.60 216.119.155.61 216.119.155.62 91.109.244.7 91.109.244.8 91.109.244.9 91.109.244.10 91.109.244.11 185.176.90.169 82.163.78.10 ::1 2a02:2498:e004:2a::/64 2a02:2498:1:227::/64 2a07:4580:b0d:57f::169 2a02:2498:e004:1:216:3eff:fe69:98ba afterdark.org.uk

# "bantime" is the number of seconds that a host is banned.
bantime  = 12h

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 2h

# "maxretry" is the number of failures before a host get banned.
maxretry = 3

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a DNS lookup will be performed.
# warn:  if a hostname is encountered, a DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
# raw:   use raw value (no hostname), allow use it for no-host filters/actions (example user)
usedns = warn

#
# ACTIONS
#

# Some options used for actions

# Destination email address used solely for the interpolations in
# jail.{conf,local,d/*} configuration files.
destemail = root@localhost

# Sender email address used solely for some actions
sender = root@<fq-hostname>

#
# JAILS
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
enabled	= yes
port = 9922

#[apache-auth]
#enabled	= yes
#