ansible-roles/fail2ban/tasks/fail2ban-rules.yml

---
- name: Install the fail2ban custom jail file
  template: src=jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=444
  notify: Restart fail2ban
  tags: fail2ban

- name: Install the fail2ban apache ddos filter
  template: src=apache-ddos-filter.conf.j2 dest=/etc/fail2ban/filter.d/apache-ddos-filter.conf owner=root group=root mode=0444
  when: f2b_apache_ddos_enabled
  notify: Restart fail2ban
  tags: [ 'fail2ban', 'f2b_apache_ddos' ]

- name: Install the fail2ban apache ddos rule
  template: src=apache-ddos-jail.conf.j2 dest=/etc/fail2ban/jail.d/apache-ddos-jail.conf owner=root group=root mode=0444
  when: f2b_apache_ddos_enabled
  notify: Restart fail2ban
  tags: [ 'fail2ban', 'f2b_apache_ddos' ]

- name: Install the fail2ban nginx ddos filter
  template: src=nginx-ddos-filter.conf.j2 dest=/etc/fail2ban/filter.d/nginx-ddos-filter.conf owner=root group=root mode=0444
  when: f2b_nginx_ddos_enabled
  notify: Restart fail2ban
  tags: [ 'fail2ban', 'f2b_apache_ddos' ]

- name: Install the fail2ban nginx ddos rule
  template: src=nginx-ddos-jail.conf.j2 dest=/etc/fail2ban/jail.d/nginx-ddos-jail.conf owner=root group=root mode=0444
  when: f2b_nginx_ddos_enabled
  notify: Restart fail2ban
  tags: [ 'fail2ban', 'f2b_apache_ddos' ]
library/roles/fail2ban: add two new jails: DDOS control for apache and nginx. 2015-11-29 20:25:29 +01:00			`---`
			`- name: Install the fail2ban custom jail file`
			`template: src=jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=444`
			`notify: Restart fail2ban`
			`tags: fail2ban`

			`- name: Install the fail2ban apache ddos filter`
			`template: src=apache-ddos-filter.conf.j2 dest=/etc/fail2ban/filter.d/apache-ddos-filter.conf owner=root group=root mode=0444`
			`when: f2b_apache_ddos_enabled`
			`notify: Restart fail2ban`
			`tags: [ 'fail2ban', 'f2b_apache_ddos' ]`

			`- name: Install the fail2ban apache ddos rule`
			`template: src=apache-ddos-jail.conf.j2 dest=/etc/fail2ban/jail.d/apache-ddos-jail.conf owner=root group=root mode=0444`
			`when: f2b_apache_ddos_enabled`
			`notify: Restart fail2ban`
			`tags: [ 'fail2ban', 'f2b_apache_ddos' ]`

			`- name: Install the fail2ban nginx ddos filter`
			`template: src=nginx-ddos-filter.conf.j2 dest=/etc/fail2ban/filter.d/nginx-ddos-filter.conf owner=root group=root mode=0444`
			`when: f2b_nginx_ddos_enabled`
			`notify: Restart fail2ban`
			`tags: [ 'fail2ban', 'f2b_apache_ddos' ]`

			`- name: Install the fail2ban nginx ddos rule`
			`template: src=nginx-ddos-jail.conf.j2 dest=/etc/fail2ban/jail.d/nginx-ddos-jail.conf owner=root group=root mode=0444`
			`when: f2b_nginx_ddos_enabled`
			`notify: Restart fail2ban`
			`tags: [ 'fail2ban', 'f2b_apache_ddos' ]`