From f96b380bcb54b997e14e7b65aa67cb22b5ea53ef Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 2 Aug 2016 09:14:56 +0200
Subject: [PATCH] Possibility to filter valid remote hosts

---
 root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP
index 876935b..47cf954 100644
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP
@@ -9,9 +9,11 @@ my $n = esmith::NetworksDB->open_ro() ||
 my @ip = ("127.0.0.0/8", $LocalIP);
 
 # Add hosts which can access the server-manager to the whitelist
-foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){
-    my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_");
-    push @ip, "$ip/$bits";
+unless (($fail2ban{FilterValidRemoteHosts} || 'disabled') eq 'enabled'){
+  foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){
+      my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_");
+      push @ip, "$ip/$bits" unless "$ip/$bits" eq '0.0.0.0/0';
+  }
 }
 
 unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){