diff --git a/modules/services/security/fail2ban.nix b/modules/services/security/fail2ban.nix
index 258a2d79163..a232d18a572 100644
--- a/modules/services/security/fail2ban.nix
+++ b/modules/services/security/fail2ban.nix
@@ -118,6 +118,7 @@ in {
 ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
 ReadOnlyDirectories = "/";
 ReadWriteDirectories = "/var/run/fail2ban";
+ CapabilityBoundingSet="CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
 };
 postStart =
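Review bot: The added `CapabilityBoundingSet` line has no comment saying why exactly these three capabilities are kept, and it omits the spaces around `=` that the three settings above it use. I would write it as `CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";` preceded by `# Read root-only logs (CAP_DAC_READ_SEARCH) and manage firewall rules (CAP_NET_ADMIN, CAP_NET_RAW); all other capabilities are dropped.` The bounding set also applies to every command fail2ban spawns, so a configured ban action that needs any other capability would presumably fail at ban time; that restriction deserves a sentence in the module's option documentation. The enclosing attribute set starts above the hunk, so I cannot see whether other hardening options are already set there.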