setup fail2ban with expected internal IP ranges on ignore

2026-03-30 01:37:25 -04:00 · 2026-03-16 10:23:02 -04:00 · 2026-03-16 10:23:02 -04:00 · fb241568a2
commit fb241568a2
parent 8d2453f31f
1 changed files with 7 additions and 1 deletions
--- a/hosts/common/core/ssh.nix
+++ b/hosts/common/core/ssh.nix
@ -32,5 +32,11 @@
    };
  };

-  #services.fail2ban.enable = lib.mkDefault true; # This comes with an SSH jail preconfigured, expanded fail2ban can be found in modules/services
+  services.fail2ban = {
+    enable = lib.mkDefault true;
+    ignoreIP = [ # Expected internal IP ranges
+      "172.16.0.0/12"
+      "192.168.0.0/16"
+    ];
+  };
 }