From 8c1be6840509731f02f05fd9b2a0ac7a97742099 Mon Sep 17 00:00:00 2001
From: Peronia <25049991+Peronia@users.noreply.github.com>
Date: Mon, 26 Jun 2023 09:21:23 +0200
Subject: [PATCH] Updated Fail2Ban Setup (markdown)

---
 Fail2Ban-Setup.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Fail2Ban-Setup.md b/Fail2Ban-Setup.md
index 734da1b..162edc5 100644
--- a/Fail2Ban-Setup.md
+++ b/Fail2Ban-Setup.md
@@ -161,12 +161,12 @@ Docker uses the FORWARD chain instead of the default INPUT chain. If the machine
 chain = FORWARD
 ```
 
-**Tip**:If you are using systemd to manage vaultwarden, you can use systemd-journal for fail2ban:
+**Tip**: If you are using systemd to manage vaultwarden, you can use systemd-journal for fail2ban:
 ```
 backend = systemd
 filter = vaultwarden[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service']
 ```
-Use these instead of `logpath = ` variable.
+Use these instead of `logpath = ` and `filter = ` variables.
 
 **NOTE FOR CLOUDFLARE USERS**
 If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)
@@ -221,6 +221,14 @@ Note: Docker uses the FORWARD chain instead of the default INPUT chain. Therefor
 ```INI
 action = iptables-allports[name=vaultwarden-admin, chain=FORWARD]
 ```
+
+**Tip**: If you are using systemd to manage vaultwarden, you can use systemd-journal for fail2ban here as well:
+```
+backend = systemd
+filter = vaultwarden-admin[journalmatch='_SYSTEMD_UNIT=your_vaultwarden.service']
+```
+Use these instead of `logpath = ` and `filter = ` variables.
+
 **NOTE FOR CLOUDFLARE USERS**
 If you use cloudflare proxy, you'll need to add Cloudflare in your actions list, like in [this guide](https://niksec.com/using-fail2ban-with-cloudflare/)