fail2ban service : improve ssh jail (#21131)

Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports

authored by Renaud and committed by Robin Gloster fa0a63ec c3edaab5

+1 -1
nixos/modules/services/security/fail2ban.nix
··· 143 143 services.fail2ban.jails.ssh-iptables = 144 144 '' 145 145 filter = sshd 146 - action = iptables[name=SSH, port=ssh, protocol=tcp] 146 + action = iptables-multiport[name=SSH, port="${concatMapStringsSep "," (p: toString p) config.services.openssh.ports}", protocol=tcp] 147 147 maxretry = 5 148 148 ''; 149 149
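Review bot: On the new `action` line, nothing guards against `config.services.openssh.ports` being an empty list, in which case the interpolation renders `port=""` and the `iptables-multiport` action is handed no port to block. Consider an assertion on the list being non-empty, or falling back to the previous `port=ssh` value in that case. As a style point on the same line, `(p: toString p)` is equivalent to passing `toString` directly, so `concatMapStringsSep "," toString config.services.openssh.ports` is enough. The commit message could also state that the action changed from `iptables` to `iptables-multiport`, since that is what allows the comma-separated port list.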