Configuration bug? 6.12.65-24

Hello All,

I didn’t want to put this in a bug report because things have change from previous versions and I wanted to be sure. You need to read through before assuming the details.

In looking at the configuration of fail2ban, the auto generated file jail.local has the wrong log path.
When I first saw it I thought maybe we changed it, but went back into Intrusion Detection saved and found the timestamp to be updated with the incorrect file name.

enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
sendmail[name=SIP, [email protected], [email protected]]
logpath = /var/log/asterisk/fail2ban

Now I see we do have a file under this version within the folder specified, and as an example I do see captured are the offending lines I’m looking for:
[2015-02-15 11:31:31] WARNING[679][C-000000f4] Ext. s: “Rejecting unknown SIP connection from”
[2015-02-15 11:33:12] WARNING[740][C-000000f5] Ext. s: “Rejecting unknown SIP connection from”
[2015-02-15 11:34:10] WARNING[772][C-000000f6] Ext. s: “Rejecting unknown SIP connection from”
[2015-02-15 11:35:09] WARNING[807][C-000000f7] Ext. s: “Rejecting unknown SIP connection from”

However, these offending entries are not being blocked at the firewall level and never making into /var/log/fail2ban.log.

The same file name also throws me off a little since fail2ban log is for showing things as they are banned & unbanned and here we are possibly duplicating entries from /var/log/asterisk/full within /var/log/asterisk/fail2ban ?

I just want to understand what we are doing with these and of course block these offenders which currently isn’t happening on this box.