I am looking for some guidance on upgrading the version of fail2ban that comes with freePBX 16. I understand that it’s possible based on other forum posts, but what needs to be reconfigured remains unclear to me. I haven’t been able to figure out the exact steps others have taken to get it working. Is it as simple as removing the currently installed version and installing the latest package, then starting the service?
You need to take this to Sangona, no one seems to know why they insist on pushing 0.8, or at least say why they continue to push an outdated by 6 year no longer supported version, presumably they have a reason . . .
If you are not using the “distro”, then updateing from source in place has never been a problem for me.
Thanks I appreciate the info. I don’t think upgrading without explicit documentation is the best idea in this case, and we’re able to work around the issues we’re experiencing. I have the ban time set to -1 which is supposed to be a permanent ban but it’s actually more like 6 hours, and we’ve started having remote users get banned for seemingly no reason. I put a script in place to read the ban list every hour and add those IPs to the permanent firewall blacklist, and have gone forward with adding all the IPs for our remote users to fail2ban’s whitelist. I’ll try to raise the issue with Sangoma, I do see they’ve made changes to adjust to newer versions of fail2ban but haven’t updated the actual client.
Indeed there are good reasons that Fail2Ban has ‘improved’ itself , now for 4 generations over six years, each one is more solid more robust and a lot quicker to respond, the biggest improvement at 0.9 was moving the database to a ‘non-volatile’ solution, in other words restarting fail2ban (or in fact the PBX itself) would forget. any gleaned bans, basically “not a good thing” and thus making permanent bans impossible.
In current and supported versions of F2B you can just inspect ( and modify) the sqlite3 database, you will find THAT far more effective.
Waiting for explicit documentation will need Sangoma to ‘get their finger out’ which for whatever reason . . . they haven’t
(There has never been a distinction between client and server, the same code serves both functions.)