From 5084bfecdf6ec1e5922f94cf78e0a3cdecd22eed Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Wed, 24 Mar 2021 22:35:28 +0000
Subject: [PATCH] Ignore PVE interface from f2b jails

---
 ansible/roles/base/files/ssh-jail.conf | 2 +-
 ansible/roles/gateway/files/haproxy-fail2ban-jail.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/base/files/ssh-jail.conf b/ansible/roles/base/files/ssh-jail.conf
index fce4c08..0e97596 100644
--- a/ansible/roles/base/files/ssh-jail.conf
+++ b/ansible/roles/base/files/ssh-jail.conf
@@ -4,4 +4,4 @@ bantime = 600
 findtime = 30
 maxretry = 5
 port = {{ ssh_port }},ssh
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
diff --git a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
index 0292387..be58d56 100644
--- a/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
+++ b/ansible/roles/gateway/files/haproxy-fail2ban-jail.conf
@@ -7,4 +7,4 @@ filter = haproxy-basic
 backend = systemd
 journalmatch = _COMM=haproxy
 port = http,https
-ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }}
+ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }}
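Review bot: Adding `{{ pve_hosts.internal_cidr }}` to `ignoreip` in ssh-jail.conf exempts the whole PVE internal range from banning, so any host or guest on that network can fail SSH logins indefinitely without tripping `maxretry`. The same entry in the second hunk, haproxy-fail2ban-jail.conf, does the same for HTTP/HTTPS. The subject line names the PVE *interface*, so if only the hypervisor's own address needs the exemption, a single-address variable (not visible in this diff) would keep the jails effective for the rest of the range. Whichever scope is kept, a comment above each line would record the trust decision, e.g. `# PVE internal network is treated as trusted like the VPN ranges; fail2ban never bans it`. The SSH jail comes from the `base` role, so if this file is rendered as a template, confirm `pve_hosts.internal_cidr` is defined for every host that role targets. Otherwise rendering would presumably fail on hosts without it.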