[INCLUDES] before = uptimerobot.local [DEFAULT] # Prevents banning LAN subnets ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ${FAIL2BAN_IGNORED_IP} %(uptimerobot_ips)s # "bantime" is the number of seconds that a host is banned. bantime = 1w # A host is banned if it has generated "maxretry" during the last "findtime" # seconds. findtime = 15m # "maxretry" is the number of failures before a host get banned. maxretry = 3 # Default banning action banaction = %(banaction_allports)s [sshd] enabled = true chain = INPUT port = 222 logpath = %(syslog_local0)s [gitea-auth] enabled = true chain = DOCKER-USER [vaultwarden-auth] enabled = true chain = DOCKER-USER [dovecot] enabled = true chain = DOCKER-USER logpath = %(logs_path)s/mail/mail.log filter = dovecot [postfix] enabled = true chain = DOCKER-USER logpath = %(logs_path)s/mail/mail.log filter = postfix mode = extra [permaban] enabled = true chain = DOCKER-USER filter = bantime = -1