From bc9138309448464cb2af4e7a94c89736447be3d3 Mon Sep 17 00:00:00 2001
From: Jose
Date: Sun, 1 Mar 2026 10:22:58 +0100
Subject: [PATCH] =?UTF-8?q?chore=20=F0=9F=93=A6:=20Update=20Fail2ban=20set?= =?UTF-8?q?tings=20and=20add/restart/reload=20tasks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit updates the Fail2ban configuration to reduce bantime and findtime, and adds/fixes restart/reload tasks in handlers/main.yml. These changes aim to improve security and manageability of the fail2ban service.
---
 defaults/main.yml | 6 +++---
 handlers/main.yml | 10 +++++++++-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 041d1ba..621e915 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -49,10 +49,10 @@ vm_dirty_background_ratio: 5
 vm_swappiness: "{{ proxmox_swapiness }}"
 # Fail2ban settings
-f2b_bantime: 1800 # 30 minutes
-f2b_findtime: 600
+f2b_bantime: 600 # 10 minutes
+f2b_findtime: 1200 # 20 minutes
 f2b_maxretry: 5
-f2b_recidive_bantime: 86400 # 24 hours
+f2b_recidive_bantime: 3600 # 1 hours
 f2b_recidive_findtime: 86400 # 24 hours
 f2b_recidive_maxretry: 3
 f2b_ipset_name: f2b-blacklist
diff --git a/handlers/main.yml b/handlers/main.yml
index 600b186..dd5e59b 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -32,10 +32,18 @@
 ansible.builtin.systemd:
 daemon_reload: true
-- name: Restart fail2ban
+- name: Reload fail2ban
 ansible.builtin.systemd:
 name: fail2ban
 state: reloaded
+ enabled: true
+
+- name: Restart fail2ban
+ ansible.builtin.systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+
 - name: Reload pve firewall
 ansible.builtin.command: pve-firewall reload
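Review bot: `f2b_recidive_bantime` drops to 3600 while `f2b_recidive_findtime` stays at 86400, so a repeat offender is now banned for one hour out of the 24-hour window in which it is still being counted, and the recidive jail loses most of its value as the escalation step above the 600-second base ban. The description says bantime and findtime are both reduced and that the change improves security, but `f2b_findtime` is raised from 600 to 1200 and every ban is shortened, so the reason for the new values should be recorded next to them. If the aim is fewer lockouts of legitimate users, consider shortening only the base ban and keeping `f2b_recidive_bantime: 86400 # 24 hours`, or add a comment such as `# recidive ban kept short on purpose: <reason>`. The new trailing comment should also read `# 1 hour`.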
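Review bot: `enabled: true` on the two fail2ban handlers only takes effect when one of them is notified, so on a run where nothing notifies them the service's boot-time enablement is never enforced. For the service that provides the host's brute-force protection, that belongs in a regular task (a `systemd` task with `name: fail2ban`, `enabled: true`, `state: started`), and the handlers can keep just `state: reloaded` and `state: restarted`. Separately, `Restart fail2ban` used to perform a reload, so any existing `notify: Restart fail2ban` outside this diff now triggers a full restart. A restart presumably tears down and rebuilds the active ban set, so callers that only change jail or filter configuration should be pointed at `Reload fail2ban` instead. The tasks that notify these handlers are not visible in this patch.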