This commit refactors the code by improving text formatting and structure to enhance readability, ensuring that the content and functionality remain unchanged.
This commit refactors the fail2ban.yml file to include support for detecting a Proxmox cluster, ensuring that pmxcfs is mounted, installing Fail2Ban, and configuring appropriate jails. This enhances the security and management of the Proxmox environment by automating the setup and monitoring of failed login attempts.
This refactoring updates the fail2ban configuration to utilize a new script, `fw_compile_check.rc`, for handling failure checks. This change aims to streamline the process and improve reliability by centralizing the logic in a dedicated script.
This refactoring extracts the logic for processing Corosync ring addresses and determining their CIDRs. It then updates the `ignoreip` setting in the fail2ban configuration accordingly. This change improves modularity and maintainability of the code.
This commit introduces new features to register IPSETs and update firewall reload notifications. It also conditionally validates Proxmox firewall configurations based on changes, enhancing the robustness of the system.
This commit introduces a new feature that allows conditional execution of the PVE firewall reload command based on certain conditions, enhancing flexibility and control over firewall management.
This refactoring removes redundant 'blockinfile' and 'reload' commands in fail2ban tasks, ensuring that IPSet and drop rules are correctly placed. A new handler has been added to reload the PVE firewall after a fail2ban restart.
This commit adds a comment in the codebase to disable a file permissions check that was deemed too risky. This change aims to simplify the build process while ensuring that we are aware of the potential security implications.
This commit removes unnecessary directory creation steps in the build process, simplifying the setup. Additionally, it updates the shell command to be more robust and reliable.
Updated the README with instructions on integrating Fail2Ban and modified the directory structure to accommodate new files related to this integration.
Introduce a new variable `f2b_unban_ip` in the Ansible playbook to allow users to specify an IP address that should be unbanned using Fail2Ban. This feature enhances the flexibility of the playbook by enabling targeted IP management.
This commit adds Fail2ban settings to `defaults/main.yml`, a new task to restart the fail2ban service, and a task file for deploying Fail2Ban integrated with Proxmox Firewall. The new tasks include checks, validations, and configuration to enhance security by blocking malicious IP addresses.
