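# deployment/fail2ban-curl-allow.te
#
# Local SELinux policy module for the fail2ban_t domain. It grants:
#   - outbound TCP connects to ports labeled http_cache_port_t
#   - read access to files labeled with the generic etc_t and var_log_t types
#   - read/write access to files labeled with the generic var_run_t type
#   - directory search on etc_t and var_run_t
# The module name suggests the connect rule exists for a curl call made by
# fail2ban -- presumably a ban action; confirm against the action config.

module fail2ban-curl-allow 1.1;

# Only the permissions actually granted below are declared here. An earlier
# revision also declared file:execute and dir:read without granting them;
# listing unused permissions makes the module look broader than it is when
# it is audited.
require {
	type fail2ban_t;
	type http_cache_port_t;
	type var_run_t;
	type etc_t;
	type var_log_t;
	class tcp_socket name_connect;
	class file { read write open };
	class dir search;
}

#============= fail2ban_t ==============

# Outbound connection to ports carrying the http_cache_port_t label.
# NOTE(review): this covers every port with that label, not one endpoint.
# Check which ports that is on the target host with
# `semanage port -l | grep http_cache_port_t`.
allow fail2ban_t http_cache_port_t:tcp_socket name_connect;

# Additional required permissions

# Read-only access to generic configuration and log files.
allow fail2ban_t etc_t:file { read open };
allow fail2ban_t var_log_t:file { read open };

# NOTE(review): var_run_t is the generic runtime type, so this rule lets
# fail2ban_t write to any file carrying that label, not only its own
# pid/socket files. Confirm which path triggered the original denial
# (`ausearch -m avc -c fail2ban-server`) and consider relabeling that file
# to a fail2ban-specific type instead of keeping write on the generic one.
allow fail2ban_t var_run_t:file { read write open };

# Directory traversal needed to reach the files above.
allow fail2ban_t var_run_t:dir search;
allow fail2ban_t etc_t:dir search;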