From 26f23065257cbc76a18b4a30c313b7285265ecfc Mon Sep 17 00:00:00 2001 From: webracer999 Date: Fri, 12 Jul 2024 15:20:08 +0000 Subject: [PATCH] fail2ban-setup: *.local instead of *.conf (#14) `man 5 jail.conf`: CONFIGURATION FILES FORMAT *.conf files are distributed by Fail2Ban. It is recommended that *.conf files should remain unchanged to ease upgrades. If needed, customizations should be provided in *.local files. For example, if you would like to enable the [ssh-iptables-ipset] jail specified in jail.conf, create jail.local containing Reviewed-on: https://gitea.com/gitea/docs/pulls/14 Reviewed-by: techknowlogick Co-authored-by: webracer999 Co-committed-by: webracer999 --- docs/administration/fail2ban-setup.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/administration/fail2ban-setup.md b/docs/administration/fail2ban-setup.md index 5ca2a577..bd0d92a2 100644 --- a/docs/administration/fail2ban-setup.md +++ b/docs/administration/fail2ban-setup.md @@ -60,16 +60,16 @@ on a bad authentication from the web or CLI using SSH or HTTP respectively: 2020/10/15 16:08:44 ...s/context/context.go:204:HandleText() [E] invalid credentials from xxx.xxx.xxx.xxx ``` -Add our filter in `/etc/fail2ban/filter.d/gitea.conf`: +Add our filter in `/etc/fail2ban/filter.d/gitea.local`: ```ini -# gitea.conf +# gitea.local [Definition] failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from ignoreregex = ``` -Add our jail in `/etc/fail2ban/jail.d/gitea.conf`: +Add our jail in `/etc/fail2ban/jail.d/gitea.local`: ```ini [gitea] @@ -83,7 +83,7 @@ action = iptables-allports ``` If you're using Docker, you'll also need to add an additional jail to handle the **FORWARD** -chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.conf`: +chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.local`: ```ini [gitea-docker]