use fail2ban to block some abusive smtp clients on our MXs (re: RT#7515)

[mirror/dsa-puppet.git] / modules / fail2ban / manifests / init.pp

diff --git a/modules/fail2ban/manifests/init.pp b/modules/fail2ban/manifests/init.pp
new file mode 100644 (file)
index 0000000..3051b99
--- /dev/null
+++ b/modules/fail2ban/manifests/init.pp
@@ -0,0 +1,17 @@
+class fail2ban {
+       package { 'fail2ban':
+               ensure => installed,
+       }
+
+       service { 'fail2ban':
+               ensure  => running,
+       }
+
+       @ferm::conf { 'f2b':
+               content  => @(EOF),
+                               @hook post  "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
+                               @hook flush "type fail2ban-client > /dev/null && (fail2ban-client ping > /dev/null && fail2ban-client reload > /dev/null ) || true";
+                               | EOF
+       }
+
+}