Can the firewall permanently ban ip addresses automatically?

aristosv · July 2, 2018, 5:13pm

Up until now, I only had enabled fail2ban on my freepbx. Seeing that there is no way to permanently ban ip addresses just by using fail2ban, today I also enabled the firewall. How can I configure the firewall to automatically and permanently ban the ip addresses that fail2ban bans?

Or if the firewall can’t talk to fail2ban, how can I permanently and automatically blacklist the banned/blacklisted ip addresses?

Thanks

pavlex · January 30, 2019, 11:25am

I would also like to know if this is possible. Or it might be that we need to do a feature request if it isn’t available yet.

ashcortech · January 30, 2019, 12:55pm

I believe what you are looking for is under

Communications > firewall > services > Blacklist

aristosv · January 30, 2019, 2:07pm

Will the Blacklist option, automatically pick up the fail2ban banned IP’s and ban them permanently? Or do we have to add each IP to the Blacklist manually?

comtech · January 30, 2019, 5:20pm

Separate applications, I do not believe they interact.

dicko · January 30, 2019, 5:33pm

Upgrade your fail2ban to stable or higher

https://www.fail2ban.org/wiki/index.php/Downloads

Set bantime=-1

aristosv · January 30, 2019, 5:53pm

can fail2ban be updated independently of freepbx?

I’m only asking because fail2ban is managed through freepbx and I don’t want to upgrade it, and break any functionality/communication between the 2 software.

dicko · January 30, 2019, 6:05pm

I have never had a problem with that.

aristosv · January 31, 2019, 6:18am

According to the instructions on the fail2ban download page, in order to install the stable version of fail2ban, I first have to install EPEL packages.

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

But that command gives me this message:

[root@freepbx bin]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Loaded plugins: fastestmirror, versionlock
epel-release-latest-7.noarch.rpm                                                                                           |  15 kB  00:00:00
Examining /var/tmp/yum-root-U4wGaP/epel-release-latest-7.noarch.rpm: epel-release-7-11.noarch
Cannot install package epel-release-7-11.noarch. It is obsoleted by installed package sangoma-release-7-5.1805.02.el7.sangoma.x86_64
Error: Nothing to do

@dicko
How did you upgrade fail2ban on your freepbx?

dicko · January 31, 2019, 9:28am

wget https://github.com/fail2ban/fail2ban/archive/0.10.tar.gz
Then tar -xzsf …
cd …
./setup.py install

system · January 31, 2020, 9:28am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.