On 02/07/2021 09:23, Nick Howitt wrote:
I had a thread in April
(https://www.mail-archive.com/fail2ban-users@lists.sourceforge.net/msg02953.html)
about using my own variable and then incorporating it into the
ignoreip line as I could then maintain it programmatically for my
distro, but it seems not to be working.
In my jail.local I have:
[DEFAULT]
lan_subnets = 172.172.0.0/22
ignoreip = %(lan_subnets)s 127.0.0.1/8 10.8.0.0/24 172.18.0.0/15
67.18.3.134 173.255.233.57 159.203.59.228 209.90.117.194
Have I got the syntax right? Also, how can I check it it is loading
correctly as I see nothing when I start f2b? Or do I need to start f2b
in some sort of debug mode or increase logging verbosity?
I think ignoreip has to specified *explicitly* in each jail in which you
want to use it. Perhaps ignoreip = 'undefined' overrides the setting in
[DEFAULT]? This is not logical (to me) but you can workaround it thus:
[DEFAULT]
lan_subnets = 172.172.0.0/22
my_ignoreip = %(lan_subnets)s 127.0.0.1/8 10.8.0.0/24 172.18.0.0/15
67.18.3.134 173.255.233.57 159.203.59.228 209.90.117.194
[myjail]
ignoreip = $(my_ignoreip)%
If you still have problems, study (and maybe post to)
https://github.com/fail2ban/fail2ban/issues/1464.
When posting, do always say which version of f2b you are using, things
have changed a lot between versions in recent years.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
