Ansible Role: fail2ban

An Ansible Role that installs Fail2Ban on Asymworks servers.

Requirements

None

Role Variables

Available variables are listed below, along with default values if applicable (see defaults/main.yml):

f2b_ignore_ips: ['127.0.0.1/8', '::1']
f2b_ban_time: 10m
f2b_find_time: 10m
f2b_max_retries: 5

Sets up the basic Fail2Ban configuration including passlisted IPs and durations.

f2b_email: true
f2b_email_dest: "root@{{ ansible_fqdn }}"
f2b_email_sender: "root@{{ ansible_fqdn }}"
f2b_email_mta: sendmail

Fail2ban email notification settings. A sendmail compatible MTA must be installed (note the mSMTP Ansible Role symlinks msmtp to sendmail automatically).

f2b_action: mwl

Fail2ban action when a jail is triggered. The default bans the IP address, sends a report, and includes logging context in the report email.

f2b_ssh_enabled: true
f2b_ssh_name: sshd

Whether to enable Fail2Ban for the SSH server, optionally using a different jail name (e.g. dropbear instead of sshd).

Role Facts

None

Dependencies

None

Example Playbook

- hosts: all
  roles:
    asymworks.baseline
    asymworks.fail2ban

License

MIT / BSD

Author

This role was created in 2019 by Jonathan Krauss for managing home network infrastructure.

asymworks/ansible-role-fail2ban

Ansible Role: fail2ban

Requirements

Role Variables

Role Facts

Dependencies

Example Playbook

License

Author