chore 📦: Update Fail2ban settings and add/restart/reload tasks

This commit updates the Fail2ban configuration to reduce bantime and findtime, and adds/fixes restart/reload tasks in handlers/main.yml. These changes aim to improve security and manageability of the fail2ban service.
2026-03-01 10:22:58 +01:00
parent 7c304765a4
commit bc91383094
2 changed files with 12 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -49,10 +49,10 @@ vm_dirty_background_ratio: 5
 vm_swappiness: "{{ proxmox_swapiness }}"

 # Fail2ban settings
-f2b_bantime: 1800             # 30 minutes
-f2b_findtime: 600
+f2b_bantime: 600              # 10 minutes
+f2b_findtime: 1200            # 20 minutes
 f2b_maxretry: 5
-f2b_recidive_bantime: 86400    # 24 hours
+f2b_recidive_bantime: 3600     # 1 hours
 f2b_recidive_findtime: 86400   # 24 hours
 f2b_recidive_maxretry: 3
 f2b_ipset_name: f2b-blacklist
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -32,10 +32,18 @@
  ansible.builtin.systemd:
    daemon_reload: true

- name: Restart fail2ban
+- name: Reload fail2ban
  ansible.builtin.systemd:
    name: fail2ban
    state: reloaded
+    enabled: true
+
+- name: Restart fail2ban
+  ansible.builtin.systemd:
+    name: fail2ban
+    state: restarted
+    enabled: true
+

 - name: Reload pve firewall
  ansible.builtin.command: pve-firewall reload