fail2forward

playbooks/fail2ban/fail2ban.yml

@@ -36,9 +36,15 @@
         owner: root
         group: root
         mode: '0644'
-      notify: Restart fail2ban
 
-  handlers:
+    - name: Copy forward.conf
+      ansible.builtin.template:
+        src: forward.conf.j2
+        dest: /etc/fail2ban/action.d/forward.conf
+        owner: root
+        group: root
+        mode: '0644'
+
     - name: Restart fail2ban
       ansible.builtin.service:
         name: fail2ban

playbooks/fail2ban/fail2forward_id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpbmyeKy5UjpTrLJk/QYzagg4MHfBV0/wPsAicn9jzxiK3Pqtn4zTCLchBis5Cfoc1aQCqUSp3X6CCjO5FIU0uaMAQPrZneecpSyDbNGkJuUM7JE2dY2pvMSdPpwzR54aauW56/HhtTARVZwgFOKwjcBaf3Fv98qiAzTTqGJjSJOZ6nFiuPm0PQ40867bUFLHuIJJBJVg3PHy+k0mUIsA8yF3ksSQOgyms2Iy54G6hL8ynpDoiLilbc4iYpBAyKjFCHx3Si1LIIH/hp2znexuzLRK68G7a919sEw+OT1h2gJLBnA6G36UwR4rVIQkNdScuM2WzggqGIdgbK8lOSCXf ansible-generated on beepi

playbooks/fail2ban/forward.conf.j2

@@ -0,0 +1,12 @@
+[Definition]
+actionstart =
+actionstop =
+actioncheck =
+
+actionban = sudo -u fail2forward ssh -i ~fail2forward/.ssh/id_rsa -o BatchMode=yes -o ConnectTimeout=5 -o ServerAliveInterval=5 <forward_user>@<forward_host> ban <ip>
+
+actionunban = sudo -u fail2forward ssh -i ~fail2forward/.ssh/id_rsa -o BatchMode=yes -o ConnectTimeout=5 -o ServerAliveInterval=5 <forward_user>@<forward_host> unban <ip>
+
+[Init]
+forward_host = animeistrash.org
+forward_user = fail2forward

playbooks/fail2ban/jail.local.j2

@@ -5,6 +5,10 @@ maxretry = 5
 banaction = ufw
 bantime.increment = true
 bantime.multipliers = 1 5 30 60 300 720 1440 2880
+ignoreip = 81.217.198.106
+
+action = %(action_)s
+         forward
 
 [sshd]
 enabled = true