Can you check what do you have in filter? I believe there is asterisk and asterisk-security. Asterisk should be the one catching.
stonet
January 4
Here we go - I have removed email addresseses for sender and dest:
[DEFAULT]
ignoreip = 127.0.0.1 172.16.60.0/24 208.81.163.2 204.16.8.68 192.168.1.0/24
bantime = 604800
findtime = 600
maxretry = 8
backend = auto
[asterisk-iptables]
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
sendmail[name=SIP, dest=, sender=]
logpath = /var/log/asterisk/fail2ban
[pbx-gui]
enabled = true
filter = freepbx
action = iptables-allports[name=PBX-GUI, protocol=all]
sendmail[name=PBX-GUI, dest=, sender=]
logpath = /var/log/asterisk/freepbx_security.log
[ssh-iptables]
enabled = true
filter = sshd
action = iptables-allports[name=SSH, port=ssh, protocol=tcp]
sendmail[name=SSH,dest= , sender=]
logpath = /var/log/secure
[apache-tcpwrapper]
enabled = true
filter = apache-auth
action = iptables-allports[name=PBX-GUI, port=http, protocol=tcp]
sendmail[name=PBX-GUI, dest=, sender=]
logpath = /var/log/httpd/error_log
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = iptables-allports[name=FTP, port=ftp, protocol=tcp]
sendmail[name=FTP, dest=, sender=]
logpath = /var/log/vsftpd.log
[apache-badbots]
enabled = true
filter = apache-badbots
action = iptables-allports[name=BadBots, port=“http,https”]
sendmail[name=PBX GUI, dest=, sender=]
logpath = /var/log/httpd/*access_log
[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive, protocol=all]
sendmail[name=recidive, dest=, sender=]
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
To respond, reply to this email or visit http://community.freepbx.org/t/fail2ban-not-working/25489/7 in your browser.
Previous Replies
cp3
December 23
Post your jail.local here
stonet
December 18
Has anyone else had problems with fail2ban not working. It is not working for me. I have checked the jails etc and all looks very normal with the install I mentioned above.
tom11011
November 30
What ended up working for me was turning the following from yes to no under "Asterisk SIP Settings".
Allow SIP Guests?
Allow Anonymous Inbound SIP Calls?
Apparently the default is Yes. In my opinion, the default probably should be No, maybe it is a bug. Once I set this to No, the problem just went away. I'm thinking that fail2ban does not catch these arriving from locations other than your sip provider.
stonet
November 30
I noticed yesterday that fail2ban has stopped catching these malicious registration attempts.
I am running FPBX Distro 6.12.65-20, FPBX 12.0.13 and asterisk 11.14. I upgraded from track 5 to track 6 last week. Before upgrading fail2ban was catching them.
I had a quick look at the filters and jail. All looks normal but have not yet had a chance to look at it in depth.
GSnover
November 14
While you are troubleshooting Fail2BAN, you can at least manually ban that IP - From the cli:
iptables -A INPUT -s 195.154.35.220 -j DROP
Here is more info on manually doing it:
http://www.cyberciti.biz/faq/how-do-i-block-an-ip-on-my-linux-server/
To respond, reply to this email or visit http://community.freepbx.org/t/fail2ban-not-working/25489/7 in your browser.
To unsubscribe from these emails, visit your user preferences.