From 1ee490de6d66af9a97e8a08c43d65cbb13c64879 Mon Sep 17 00:00:00 2001
From: thelittlefireman
Date: Tue, 29 Dec 2020 03:41:27 +0100
Subject: [PATCH 1/3] Prepare FAIL2BAN_IGNOREIP to avoid self blocking
---
 entrypoint/global-config.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/entrypoint/global-config.sh b/entrypoint/global-config.sh
index be1f99c..b081dde 100644
--- a/entrypoint/global-config.sh
+++ b/entrypoint/global-config.sh
@@ -271,6 +271,7 @@ if [ "$(has_value USE_FAIL2BAN yes)" != "" ] ; then
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_BANTIME%" "$FAIL2BAN_BANTIME"
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_FINDTIME%" "$FAIL2BAN_FINDTIME"
 replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_MAXRETRY%" "$FAIL2BAN_MAXRETRY"
+ replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_IGNOREIP%" "$FAIL2BAN_IGNOREIP"
 replace_in_file "/etc/fail2ban/filter.d/nginx-filter.local" "%FAIL2BAN_STATUS_CODES%" "$FAIL2BAN_STATUS_CODES"
 fi
From eac9c8f513c0b480640ed744fbdb2f1d1ee1237b Mon Sep 17 00:00:00 2001
From: thelittlefireman
Date: Tue, 29 Dec 2020 03:43:38 +0100
Subject: [PATCH 2/3] Prepare FAIL2BAN_IGNOREIP to avoid self blocking
---
 entrypoint/defaults.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/entrypoint/defaults.sh b/entrypoint/defaults.sh
index 8eeab2b..65d8355 100644
--- a/entrypoint/defaults.sh
+++ b/entrypoint/defaults.sh
@@ -67,6 +67,7 @@ FAIL2BAN_STATUS_CODES="${FAIL2BAN_STATUS_CODES-400|401|403|404|405|444}"
 FAIL2BAN_BANTIME="${FAIL2BAN_BANTIME-3600}"
 FAIL2BAN_FINDTIME="${FAIL2BAN_FINDTIME-60}"
 FAIL2BAN_MAXRETRY="${FAIL2BAN_MAXRETRY-15}"
+FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.1/8 192.168.0.0/16 172.16.0.0/16}"
 USE_CLAMAV_UPLOAD="${USE_CLAMAV_UPLOAD-yes}"
 USE_CLAMAV_SCAN="${USE_CLAMAV_SCAN-yes}"
 CLAMAV_SCAN_REMOVE="${CLAMAV_SCAN_REMOVE-yes}"
From 124474ad6695e1e700da32356a605783345a2db9 Mon Sep 17 00:00:00 2001
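Review bot: The added `replace_in_file "/etc/fail2ban/jail.d/nginx-jail.local" "%FAIL2BAN_IGNOREIP%" "$FAIL2BAN_IGNOREIP"` line in entrypoint/global-config.sh only takes effect if the jail template contains the `%FAIL2BAN_IGNOREIP%` placeholder, and none of the three patches in this series touches that template. Unless the placeholder is already present, the series should also add a line such as `ignoreip = %FAIL2BAN_IGNOREIP%` to the jail file; otherwise the README documents a setting that silently does nothing. This is also the first value in this block that contains `/` and spaces, and `replace_in_file` is defined outside the hunk, so confirm it escapes both before substituting. The enclosing `if` opens on the hunk-header line, outside the hunk body.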
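Review bot: The default on the added `FAIL2BAN_IGNOREIP` line in entrypoint/defaults.sh exempts `192.168.0.0/16` and `172.16.0.0/16` from banning in every deployment. Where nginx logs the address of a reverse proxy, load balancer or container gateway rather than the real client, all traffic falls inside an ignored range and fail2ban never bans anything. The list is also incomplete if private networks are the intent: `172.16.0.0/16` is one slice of `172.16.0.0/12` (Docker's default bridge, 172.17.0.0/16, lies outside it) and `10.0.0.0/8` is missing. I would default to loopback only, `FAIL2BAN_IGNOREIP="${FAIL2BAN_IGNOREIP-127.0.0.0/8}"`, and let operators list their own trusted addresses, with a one-line comment above the assignment explaining why the default is narrow.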
From: thelittlefireman
Date: Tue, 29 Dec 2020 03:47:41 +0100
Subject: [PATCH 3/3] Edit README.md to add FAIL2BAN_IGNOREIP
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index c336a1c..cfa0066 100644
--- a/README.md
+++ b/README.md
@@ -1063,6 +1063,12 @@ Default : value : *15*
 Context : *global*
 The number of "strange" HTTP status codes to find between the time interval.
+`FAIL2BAN_IGNOREIP`
+Values : *\*
+Default value : 127.0.0.1/8 192.168.0.0/16 172.16.0.0/16
+Context : *global*
+IPs or subnet which should never be ban by fail2ban.
+
 ## ClamAV
 `USE_CLAMAV_UPLOAD`