From 0a88f2c7b84ec79ba7a4a5cd7a0da3ac2b1bff87 Mon Sep 17 00:00:00 2001
From: whitej46 <168861166+whitej46@users.noreply.github.com>
Date: Sun, 24 May 2026 10:15:23 -0400
Subject: [PATCH] Update maltrail.conf security/maltrail: add FAIL2BAN_ALLOWLIST to server config template to allow localhost access to fail2ban endpoint
---
 .../opnsense/service/templates/OPNsense/Maltrail/maltrail.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/security/maltrail/src/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf b/security/maltrail/src/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf
index 33a2170c4..a8d2f72dc 100644
--- a/security/maltrail/src/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf
+++ b/security/maltrail/src/opnsense/service/templates/OPNsense/Maltrail/maltrail.conf
@@ -9,6 +9,8 @@ USE_SSL false
 # Regular expression to be used in external /fail2ban calls for extraction of attacker source IPs
 FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code)|spammer|mass scanner
+# Allow localhost to access fail2ban endpoint
+FAIL2BAN_ALLOWLIST 127.0.0.1
 {% if helpers.exists('OPNsense.maltrail.server.loglistenaddress') and OPNsense.maltrail.server.loglistenaddress != '' %}
 UDP_ADDRESS {{ OPNsense.maltrail.server.loglistenaddress }}
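Review bot: The added `FAIL2BAN_ALLOWLIST 127.0.0.1` line is hard-coded in the template, while the `UDP_ADDRESS` block directly below it is driven by an `OPNsense.maltrail.server.*` setting, so an administrator who pulls the /fail2ban list from another host has no supported way to extend the allowlist, and a manual edit would presumably be lost when the template is rendered again. If other consumers are expected, a model field that defaults to `127.0.0.1`, guarded with `helpers.exists(...)` like the block below, would keep the restrictive default while making the setting manageable. Two things are worth confirming against the Maltrail version this plugin ships: whether a local client that resolves localhost to IPv6 also needs `::1` in the list, and whether requests forwarded by a reverse proxy on the same host reach the server as 127.0.0.1, in which case the allowlist would admit every proxied client rather than only local ones. The comment could also state the effect more precisely, for example `# Source addresses allowed to query the /fail2ban endpoint; loopback only`.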