feat: Add IPSET registration and conditional validation for Proxmox firewall configuration
All checks were successful
ansible-lint / Ansible Lint (push) Successful in 13s
Gitleaks Scan / gitleaks (push) Successful in 5s
Markdown Lint / markdown-lint (push) Successful in 5s

This commit introduces new features to register IPSETs and update firewall reload notifications. It also conditionally validates Proxmox firewall configurations based on changes, enhancing the robustness of the system.
2026-02-24 19:02:24 +01:00
parent 4107a3a953
commit 79e14e7120


@@ -124,6 +124,7 @@
[IPSET {{ f2b_ipset_name }}]
comment: Fail2Ban dynamic blacklist
create: false
register: ipset_change
notify: Reload pve firewall
# noqa risky-file-permissions
@@ -135,6 +136,7 @@
block: |
IN DROP -source +{{ f2b_ipset_name }}
create: false
register: rule_change
notify: Reload pve firewall
# noqa risky-file-permissions
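Review bot: if the `pve-firewall compile` validation that now follows these two tasks fails, the play stops for that host and the `Reload pve firewall` handler notified here (and by the IPSET task in the previous hunk) never runs, so the firewall config file is left modified on disk while the running firewall keeps the old rules, with no automatic rollback. Consider `backup: true` on both writing tasks and a `block`/`rescue` around write-plus-validate that restores the backup (or removes the block again with `state: absent`) when validation fails, so a bad rule block is not left in place between runs.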
@@ -150,8 +152,10 @@
- name: fail2ban | Validate Proxmox firewall configuration
ansible.builtin.command: pve-firewall compile
register: fw_compile_check
when: ipset_change.changed or rule_change.changed
changed_when: false
failed_when: fw_compile_check.rc != 0
register: fw_compile_check
# Then automatically whitelist it in Fail2Ban:
# ignoreip = 127.0.0.1/8 {{ corosync_ip.stdout }}
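Review bot: `register: fw_compile_check` appears twice in the Validate task, once directly under `ansible.builtin.command: pve-firewall compile` and again after `failed_when`; a duplicate mapping key is flagged by YAML linters (yamllint key-duplicates) and Ansible warns about it and keeps only one value, so drop one of the two, preferably the trailing one so `register` stays next to the command. `failed_when: fw_compile_check.rc != 0` restates the command module's default failure rule and can be removed as well. Note that gating on `ipset_change.changed or rule_change.changed` means a configuration that was already broken before this run is never compiled; that is acceptable for this role, but worth a comment above the `when:`.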