This refactoring extracts the logic for processing Corosync ring addresses and determining their CIDRs. It then updates the `ignoreip` setting in the fail2ban configuration accordingly. This change improves modularity and maintainability of the code.
This commit introduces new features to register IPSETs and update firewall reload notifications. It also conditionally validates Proxmox firewall configurations based on changes, enhancing the robustness of the system.
This commit introduces a new feature that allows conditional execution of the PVE firewall reload command based on certain conditions, enhancing flexibility and control over firewall management.
This refactoring removes redundant 'blockinfile' and 'reload' commands in fail2ban tasks, ensuring that IPSet and drop rules are correctly placed. A new handler has been added to reload the PVE firewall after a fail2ban restart.
This commit adds a comment in the codebase to disable a file permissions check that was deemed too risky. This change aims to simplify the build process while ensuring that we are aware of the potential security implications.
This commit removes unnecessary directory creation steps in the build process, simplifying the setup. Additionally, it updates the shell command to be more robust and reliable.
Updated the README with instructions on integrating Fail2Ban and modified the directory structure to accommodate new files related to this integration.
Introduce a new variable `f2b_unban_ip` in the Ansible playbook to allow users to specify an IP address that should be unbanned using Fail2Ban. This feature enhances the flexibility of the playbook by enabling targeted IP management.
This commit adds Fail2ban settings to `defaults/main.yml`, a new task to restart the fail2ban service, and a task file for deploying Fail2Ban integrated with Proxmox Firewall. The new tasks include checks, validations, and configuration to enhance security by blocking malicious IP addresses.
