diff options
| author | Renaud <c0bw3b@users.noreply.github.com> | 2016-12-14 14:58:02 +0100 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2016-12-14 14:58:02 +0100 |
| commit | fa0a63ec13bcd87710c10a29ba3489374333c4ef (patch) | |
| tree | 6930e8ce18419f84a2f1bc28c33d5461dd4f2c07 /nixos/modules/services/security | |
| parent | c3edaab52d29ea953fa88c4d9a6eb08a14f580f5 (diff) | |
| download | nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar.gz nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar.bz2 nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar.lz nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar.xz nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.tar.zst nixlib-fa0a63ec13bcd87710c10a29ba3489374333c4ef.zip | |
fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined for sshd in config.services.openssh.ports
Diffstat (limited to 'nixos/modules/services/security')
| -rw-r--r-- | nixos/modules/services/security/fail2ban.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix index 22e3bb0066cc..716ae7a2d2f4 100644 --- a/nixos/modules/services/security/fail2ban.nix +++ b/nixos/modules/services/security/fail2ban.nix @@ -143,7 +143,7 @@ in services.fail2ban.jails.ssh-iptables = '' filter = sshd - action = iptables[name=SSH, port=ssh, protocol=tcp] + action = iptables-multiport[name=SSH, port="${concatMapStringsSep "," (p: toString p) config.services.openssh.ports}", protocol=tcp] maxretry = 5 ''; |