refactor: use lists to store IPs and subnets that are to be ignored by fail2ban

6761cfbc · Jörg Sachse · 239da1ef · 6761cfbc · 6761cfbc · 6761cfbc
Commit 6761cfbc authored 4 months ago by Jörg Sachse
--- a/defaults/main.yml
+++ b/defaults/main.yml
+---
+# VLAN subnets that are to be ignored by fail2ban.
+vlans: []
+# Grand Unified Boot Server (GUBS) IPs that are to be ignored by fail2ban.
+gubs_ips: []
+# Greenbone security manager IP that is to be ignored by fail2ban.
+host_greenbone: ""
--- a/tasks/configure_fail2ban.yml
+++ b/tasks/configure_fail2ban.yml
@@ -29,7 +29,7 @@

      # ignored IPs: localhost, VLAN 20 (DV), sdvgubs10 (IP from multiple
      # subnets/VLANs), VPN IP ranges
-      ignoreip = 127.0.0.1/8 {{ vault_net_vlan_20 }} {{ vault_net_vlan_vpn_4 }} {{ vault_net_vlan_vpn_5 }} {{ vault_net_vlan_vpn_6 }} {{ vault_gubs_vlan_10 }} {{ vault_gubs_vlan_11 }} {{ vault_gubs_vlan_13 }} {{ vault_gubs_vlan_14 }} {{ vault_gubs_vlan_21 }} {{ vault_gubs_vlan_24 }} {{ vault_host_greenbone }}
+      ignoreip = 127.0.0.1/8 {{ vlans }} {{ vault_gubs_ips }} {{ vault_host_greenbone }}

      # number of failures that have to occur in the last findtime seconds to
      # ban then IP.

--- a/vars/main.yml
+++ b/vars/main.yml
 ---
+# VLAN subnets that are to be ignored by fail2ban.
+vlans: "{{ vault_vlans }}"
+# Grand Unified Boot Server (GUBS) IPs that are to be ignored by fail2ban.
+gubs_ips: "{{ vault_gubs_ips }}"
+# Greenbone security manager IP that is to be ignored by fail2ban.
+host_greenbone: "{{ vault_host_greenbone }}"