Don't install iptables and nftables by default

6cc90d3c · Chris Croome · dc5e5902 · 6cc90d3c · 6cc90d3c · 6cc90d3c
Verified Commit 6cc90d3c authored 1 year ago by Chris Croome
--- a/README.md
+++ b/README.md
@@ -6,7 +6,9 @@ This repository contains an Ansible role for installing [Fail2ban](https://fail2

 ## Usage

-By default this role installs `fail2ban` and `iptables` and creates a `/etc/fail2ban/jail.local` file.
+By default this role installs `fail2ban` and creates a `/etc/fail2ban/jail.local` file.
+
+You might want to install `iptables`, `nftables` or `ufw` prious to running this role.

 The [alternatives role](https://git.coop/webarch/alternatives) can be used to set the priority for `iptables` or these commands can be run manually:

@@ -86,7 +88,3 @@ If you use this role please use a tagged release, see [the release notes](https:
 Copyright 2019-2023 Chris Croome, &lt;[chris@webarchitects.co.uk](mailto:chris@webarchitects.co.uk)&gt;.

 This role is released under [the same terms as Ansible itself](https://github.com/ansible/ansible/blob/devel/COPYING), the [GNU GPLv3](LICENSE).
-
-
-
-
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -27,11 +27,12 @@ fail2ban_config_files:
        bantime: 86400
 fail2ban_pkgs:
  - fail2ban
-  - iptables
-  - iptables-persistent
-  - netfilter-persistent
-  - nftables
+  # - iptables
+  # - iptables-persistent
+  # - netfilter-persistent
+  # - nftables
  - python3-pyinotify
+  # - ufw
  - whois
 fail2ban_whitelist:
  - "127.0.0.1"

--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -37,6 +37,7 @@
        fail2ban: true
        fail2ban_pkgs:
          - fail2ban
+          - python3-pyinotify
          - ufw
          - whois
 ...