From 3c8d9fe940373497048674c623f9c4f6aa976d55 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 28 Mar 2021 16:28:07 +0100
Subject: [PATCH] Block all ports

---
 ansible/roles/gateway/files/haproxy-fail2ban-jail.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 6e059e7..2fe3fcb 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -6,11 +6,11 @@ maxretry = 100
 filter   = haproxy-basic
 backend  = systemd
 journalmatch = _COMM=haproxy
-port     = http,https
+port     = http,https,{{ haproxy.exposed_ports | join(",") }}
 ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
 
 [traefik]
 enabled = true
 filter = haproxy-basic  # Not actually used
-port     = http,https
+port     = http,https,{{ haproxy.exposed_ports | join(",") }}
 ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}