Changing Fail2ban versions

I am looking for some guidance on upgrading the version of fail2ban that comes with freePBX 16. I understand that it’s possible based on other forum posts, but what needs to be reconfigured remains unclear to me. I haven’t been able to figure out the exact steps others have taken to get it working. Is it as simple as removing the currently installed version and installing the latest package, then starting the service?

Other posts for reference:

https://issues.freepbx.org/browse/FREEPBX-22562
https://issues.freepbx.org/browse/FREEPBX-22543

You need to take this to Sangoma. No one seems to know why they insist on pushing 0.8, or at least say why they continue to push a version that is outdated by 6 years and no longer supported. Presumably they have a reason . . .

If you are not using the “distro”, then updating from source in place has never been a problem for me.

I’m using the “distro”. Is there no way to change the Fail2ban version outside of intervention from Sangoma in this case?

You can ‘update in place’ simply by downloading the source and running the python install script included.

How that affects the ‘distro’ is not something I can answer, apart from assuring you your .local file will not be touched.

Thanks, I appreciate the info. I don’t think upgrading without explicit documentation is the best idea in this case, and we’re able to work around the issues we’re experiencing. I have the ban time set to -1, which is supposed to be a permanent ban, but it’s actually more like 6 hours, and we’ve started having remote users get banned for seemingly no reason. I put a script in place to read the ban list every hour and add those IPs to the permanent firewall blacklist, and have gone forward with adding all the IPs for our remote users to fail2ban’s whitelist. I’ll try to raise the issue with Sangoma. I do see they’ve made changes to adjust to newer versions of fail2ban but haven’t updated the actual client.

Indeed, there are good reasons that Fail2Ban has ‘improved’ itself, now for 4 generations over six years. Each one is more solid, more robust and a lot quicker to respond. The biggest improvement at 0.9 was moving the database to a ‘non-volatile’ solution; in other words, restarting fail2ban (or in fact the PBX itself) would forget any gleaned bans, basically “not a good thing”, and thus making permanent bans impossible.

In current and supported versions of F2B you can just inspect (and modify) the sqlite3 database; you will find THAT far more effective.

Waiting for explicit documentation will need Sangoma to ‘get their finger out’ which for whatever reason . . . they haven’t :wink:

(There has never been a distinction between client and server, the same code serves both functions.)
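An added example, not part of the thread or of fail2ban's own code: a read-only audit of the persistent ban database mentioned above, listing which bans are still in force and whether each was actually recorded as permanent. It assumes the `bans` table layout of fail2ban 0.10 and later and the usual default database path; the rows are constructed sample data and `active_bans`, `open_readonly` and `build_sample_db` are hypothetical helper names.

```python
import sqlite3

# Assumed `bans` layout for fail2ban 0.10+; confirm with ".schema bans".
SCHEMA = """CREATE TABLE bans(
    jail TEXT NOT NULL, ip TEXT, timeofban INTEGER NOT NULL,
    bantime INTEGER NOT NULL, bancount INTEGER NOT NULL DEFAULT 1, data JSON)"""

# Constructed sample rows (documentation address ranges), not real ban data.
SAMPLE = [
    ("asterisk", "192.0.2.10", 1700000000, -1, 3),       # recorded as permanent
    ("asterisk", "198.51.100.7", 1700000000, 21600, 1),  # 6 hours, still active
    ("sshd", "203.0.113.5", 1699900000, 600, 1),         # expired long ago
]


def build_sample_db():
    """In-memory stand-in for the real database file."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO bans(jail, ip, timeofban, bantime, bancount) "
        "VALUES (?, ?, ?, ?, ?)", SAMPLE)
    return conn


def open_readonly(path="/var/lib/fail2ban/fail2ban.sqlite3"):
    """Open the live database read-only (path is the usual default; assumption)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def active_bans(conn, now):
    """Bans still in force at `now` (epoch seconds); negative bantime = permanent."""
    rows = conn.execute(
        "SELECT jail, ip, timeofban, bantime, bancount FROM bans "
        "WHERE bantime < 0 OR timeofban + bantime > ? ORDER BY jail, ip", (now,))
    return [{"jail": jail, "ip": ip, "permanent": bantime < 0,
             "expires": None if bantime < 0 else timeofban + bantime,
             "bancount": bancount}
            for jail, ip, timeofban, bantime, bancount in rows]


if __name__ == "__main__":
    for ban in active_bans(build_sample_db(), now=1700003600):
        print(ban)
```

Against a live system, pass `open_readonly()` and `int(time.time())` instead of the sample database; a ban configured as -1 that shows up here with a positive `bantime` was not stored as permanent.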

Hi Dicko
I think we’ve got the plan to update F2B in FreePBX 17.
There are some impacts on sysadmin and firewall module too, so it needs a little work though. :slight_smile:
