Merge branch 'master' of github.com:netmanagers/puppet-fail2ban

manifests/jail.pp

@@ -15,6 +15,7 @@
 #             Defaults to true
 # $filter   - The filter rule to use.
 #             If empty, defaults to == $jailname.
+# $ignoreip - Don't ban a host which matches an address in this list.
 # $port     - The port to filter. It can be an array of ports.
 # $logpath  - The log file to monitor
 # $maxretry - How many fails are acceptable
@@ -29,6 +30,7 @@ define fail2ban::jail (
   $order     = '',
   $status    = '',
   $filter    = '',
+  $ignoreip  = '',
   $port      = '',
   $action    = '',
   $logpath   = '',
@@ -62,6 +64,14 @@ define fail2ban::jail (
     default => $filter,
   }
 
+  $array_ignoreip = is_array($ignoreip) ? {
+    false     => $ignoreip ? {
+      ''      => [],
+      default => [$ignoreip],
+    },
+    default   => $ignoreip,
+  }
+
   $array_port = is_array($port) ? {
     false     => $port ? {
       ''      => [],

spec/defines/fail2ban_jail_spec.rb

@@ -39,6 +39,7 @@ filter   = fail2ban::jail
         :port     => ['42', '43'],
         :logpath  => '/path/to/somelog',
         :enable   => true,
+        :ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
         :findtime => '9000',
         :maxretry => '5',
         :bantime  => '3600',
@@ -53,6 +54,7 @@ filter   = fail2ban::jail
 [fail2ban::jail]
 enabled  = true
 filter   = fail2ban::jail
+ignoreip = 10.3.2.0/24 192.168.56.0/24
 port     = 42,43
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
 	mail-whois[name=SSH, dest=yourmail@mail.com]

templates/concat/jail.local-stanza.erb

@@ -4,6 +4,9 @@ enabled  = <%= @real_status %>
 <% if @real_filter != '' -%>
 filter   = <%= @real_filter %>
 <% end -%>
+<% if @array_ignoreip != [] -%>
+ignoreip = <%= @array_ignoreip * ' ' %>
+<% end -%>
 <% if @array_port != [] -%>
 port     = <%= @array_port * ',' %>
 <% end -%>