Move LAN subnet ignore back to conf

nemchik · web-flow · commit fd66f022eea1 · 2022-07-12T13:06:05.000Z
diff --git a/root/defaults/fail2ban/README.md b/root/defaults/fail2ban/README.md
@@ -14,12 +14,6 @@ This example uses `apprise-api` for notifications, `cloudflare` for additional w
 
 ```ini
 [DEFAULT]
-# Prevents banning LAN subnets
-ignoreip = 127.0.0.1/8 ::1
-           10.0.0.0/8
-           172.16.0.0/12
-           192.168.0.0/16
-
 # Change the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
 #banaction = %(banaction_allports)s
 
diff --git a/root/defaults/fail2ban/jail.conf b/root/defaults/fail2ban/jail.conf
@@ -90,7 +90,12 @@ before = paths-lsio.conf
 # "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
 # will not ban a host which matches an address in this list. Several addresses
 # can be defined using space (and/or comma) separator.
-#ignoreip = 127.0.0.1/8 ::1
+# lsio value
+# Prevents banning LAN subnets
+ignoreip = 127.0.0.1/8 ::1
+           10.0.0.0/8
+           172.16.0.0/12
+           192.168.0.0/16
 
 # External command that will take an tagged arguments to ignore, e.g. <ip>,
 # and return true if the IP is to be ignored. False otherwise.
