Any issues with fail2ban + FireWall

I’m moving from Asterisk 13 and FreePBX 13 to Asterisk 18 and FreePBX 16. Previously I had just fail2ban. I note that now there is a FireWall module.

Are there any issues / special precautions to implementing both?

Note: With the new install I will be looking to set up trunks to a SIP provider (currently using an ATA) so obviously more exposure. Also to call in from abroad via VPN and then dial out.

Many thanks

I use them. The Responsive firewall uses F2B. Works as you would expect based on the versions of the software.

1 Like

behavior depends on the order of which they are called, if F2B is called first then Presumably any other firewall will be ‘Appended’ to any chains in INPUT, and vice versa although you can set F2B to insert it’s chains at any arbitrary position that already exists, by default it is

chain = local

but you can customise, from jail.conf itself

Specify chain where jumps would need to be added in iptables-* actions

chain = <known/chain>

1 Like

Many thanks @comtech for a quick reply.

When you say “Responsive firewall” are you referring to the FireWall module? If so, does this imply that one should only customise using the Firewall menus in FreePBX and leave the fail2ban config file alone?


Read the material and make the decision based on your unique needs.

Firewall - PBX GUI - Sangoma Documentation (

1 Like

I see that the Responsive Firewall page does make reference to fail2ban:

and implies they can co-exist.

[as the text is an image it therefore did not get found on a search I did earlier]

That is correct.

one thing I didn’t see mentioned were the options for Fail2Ban Bypass and Intrusion Detection Sync Firewall

those are pretty nifty options you would want enabled in most cases …

command line functions are detailed by ~]# fwconsole firewall --help

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.