From dccb45168c24f785413ac7fcc84fae21d5402460 Mon Sep 17 00:00:00 2001
From: Peter <peter@pfoe.be>
Date: Sat, 30 May 2026 19:29:58 +0200
Subject: [PATCH] firewall: restart failtoban if it exists

---
 roles/baseline/templates/firewall.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/baseline/templates/firewall.j2 b/roles/baseline/templates/firewall.j2
index 039cc3f..22110ff 100644
--- a/roles/baseline/templates/firewall.j2
+++ b/roles/baseline/templates/firewall.j2
@@ -75,4 +75,11 @@ ip6tables -A INPUT -j REJECT
 iptables -A FORWARD -j REJECT
 ip6tables -A FORWARD -j REJECT
 
+# Now *if* fail2ban has been installed, we would have destroyed it's setup.  
+# Restart it
+if [ -e /etc/fail2ban/fail2ban.conf ]
+then
+	systemctl restart fail2ban || true
+fi
+
 # This file is managed by ansible, do not modify!