For some reason my fail2ban stops banning IPs on invalid SIP registrations as soon as I enable firewall. It still works with ssh and keeps banning invalid ssh attempts but not sip.
When I completely disable firewall it starts working normally, banning everything that’s invalid.
Also why is it that as soon as I disable firewall in the gui it locks me out? I have to manually type fwconsole firewall stop to get back in the gui.
Let me know what you guys think. I would really appreciate it.
The problem was that as soon as you enable firewall in the gui, the asterisk-iptables record would get deleted from jails.local. Jails.local is a file generated by the module. When you disable the firewall, the asterisk-iptables record would appear back in that file. To bypass this, add a custom asterisk-iptables record in etc/fail2ban/jails.conf.
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
logpath = /var/log/asterisk/fail2ban
This fixes the issue, and fail2ban starts banning the invalid sip registrations.
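A way to check for the situation described in the post above, as an added example that is not part of the original thread: the function reports whether a jail is still defined and enabled across a list of fail2ban jail files, with later files overriding earlier ones. The temporary file names and the ssh-iptables jail are constructed for the demonstration, and only the jail's own section is inspected (a [DEFAULT] section is ignored).

```shell
#!/bin/sh
# jail_state JAIL FILE...
# Prints "missing" if no file defines [JAIL], otherwise "enabled" or
# "disabled" according to the last "enabled =" value seen for that jail.
# Files are read in the order given, so pass the .conf file before the .local.
jail_state() {
    jail=$1; shift
    awk -v jail="$jail" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                             # section header
            name = $0
            sub(/^[ \t]*\[/, "", name)
            sub(/\].*$/, "", name)
            insec = (name == jail)
            if (insec) found = 1
            next
        }
        insec && /^[ \t]*enabled[ \t]*=/ {        # value inside our jail
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t\r]*$/, "", val)
            state = tolower(val)
        }
        END {
            if (!found) { print "missing"; exit }
            print (state == "true" ? "enabled" : "disabled")
        }
    ' "$@"
}

# Constructed sample files: a module-generated file that has lost the SIP
# jail (firewall enabled) and a hand-written file holding the custom record.
demo_dir=$(mktemp -d)
cat > "$demo_dir/generated.local" <<'EOF'
[ssh-iptables]
enabled = true
EOF
cat > "$demo_dir/custom.conf" <<'EOF'
[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
logpath = /var/log/asterisk/fail2ban
EOF
jail_state asterisk-iptables "$demo_dir/generated.local"
jail_state asterisk-iptables "$demo_dir/custom.conf" "$demo_dir/generated.local"
rm -rf "$demo_dir"
```

On a live system, `fail2ban-client status asterisk-iptables` shows whether the running server actually loaded the jail.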
There is a part in the responsive firewall to enable SIP Protocol (pjsip) and Legacy SIP (chan_sip) blocking, do you have it enabled?
When I was using RF, yes, they were enabled. And still RF would block my remote soft phones. This is just not acceptable, especially when you want to offer this functionality to your clients. But now I’m using fail2ban and set it to ban anyone for a week after 2 invalid attempts. Works perfectly.