Fail2Ban adding thousands of duplicate jail entries to IPTables INPUT list

Lately, Fail2Ban appears to have gone nuts. Today I noticed that there were more than 30,000 entries in my iptables INPUT list, and they were all just repetitions of the Fail2Ban jails. After clearing them all, they keep coming back, thousands every hour. At one point today, there were almost 60K lines in my iptables INPUT list. Naturally, this is absolutely killing iptables’ ability to block connections.

I’m on FreePBX 15.0.17.43 and Fail2Ban v0.8.14. From what I’ve read so far, Fail2Ban can’t be upgraded because it’s version-locked to the FreePBX installation.

Currently, my INPUT list looks like this (just the last few lines) - this is about 30 minutes after I last cleared it.

8751 fail2ban-SIP all -- anywhere anywhere
8752 fail2ban-PBX-GUI all -- anywhere anywhere
8753 fail2ban-SSH tcp -- anywhere anywhere multiport dports ssh
8754 fail2ban-apache-auth all -- anywhere anywhere
8755 fail2ban-FTP tcp -- anywhere anywhere multiport dports ftp
8756 fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https
8757 fail2ban-zulu tcp -- anywhere anywhere
8758 fail2ban-api tcp -- anywhere anywhere multiport dports http,https
8759 fail2ban-recidive all -- anywhere anywhere
8760 fail2ban-SIP all -- anywhere anywhere
8761 fail2ban-PBX-GUI all -- anywhere anywhere
8762 fail2ban-SSH tcp -- anywhere anywhere multiport dports ssh
8763 fail2ban-apache-auth all -- anywhere anywhere
8764 fail2ban-FTP tcp -- anywhere anywhere multiport dports ftp
8765 fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https
8766 fail2ban-zulu tcp -- anywhere anywhere
8767 fail2ban-api tcp -- anywhere anywhere multiport dports http,https
8768 fail2ban-recidive all -- anywhere anywhere
8769 fail2ban-SIP all -- anywhere anywhere
8770 fpbxfirewall all -- anywhere anywhere
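
The duplicated jumps in the post above can be measured and cleaned up from the shell while waiting for the module fix. The script below is an added example, not code from this thread or from the FreePBX firewall module. It works on the rule-spec output of `iptables -S INPUT` (one comparable line per rule) and uses a constructed sample of that output standing in for the poster's chain; the translation of the listing's `multiport dports ssh` into `--dports 22` is an assumption about how that rule renders in `-S` form.

```shell
#!/bin/sh
# Added example (not from the thread or from the FreePBX firewall module).
# Works on the rule-spec form printed by `iptables -S INPUT`, which makes
# every rule a single comparable line.

# Constructed sample of the poster's INPUT chain in -S form: the fail2ban
# jumps repeated (three SIP copies, two of each other jail shown) and the
# single fpbxfirewall jump. The SSH rule's "multiport dports ssh" is assumed
# to show up as "--dports 22" in this form.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-PBX-GUI
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-SIP
-A INPUT -j fail2ban-PBX-GUI
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-SSH
-A INPUT -j fail2ban-SIP
-A INPUT -j fpbxfirewall'

# Read -S output on stdin; print "<count> <rule>" for every rule that
# occurs more than once. No output means the chain has no duplicates.
count_duplicates() {
    grep '^-A ' | sort | uniq -c | awk '$1 > 1 { $1 = $1; print }'
}

# Read -S output on stdin; print how many surplus rules exist, i.e. how
# many lines would vanish if every duplicate were collapsed to one copy.
count_surplus() {
    grep '^-A ' | sort | uniq -c | awk '{ s += $1 - 1 } END { print s + 0 }'
}

# Read -S output on stdin; emit one `iptables -D` per surplus copy.
# `-D CHAIN <spec>` removes the first rule matching <spec>, so repeating
# the same delete (count - 1) times leaves exactly one copy in place.
emit_delete_commands() {
    grep '^-A ' | sort | uniq -c | awk '
        $1 > 1 {
            extra = $1 - 1
            sub(/^ *[0-9]+ -A /, "")      # leaves "INPUT -j fail2ban-SIP"
            for (i = 0; i < extra; i++) print "iptables -D " $0
        }'
}

# Stand-alone demo on the constructed sample. Against a live box:
#   iptables -S INPUT | count_duplicates
#   iptables -S INPUT | emit_delete_commands    # review, then pipe to sh
printf '%s\n' "$SAMPLE_RULES" | count_duplicates
printf '%s\n' "$SAMPLE_RULES" | emit_delete_commands
```

Deleting the extras only buys time: as the post says, the duplicates come back by the thousand every hour until whatever keeps re-adding the jumps is fixed, so treat `count_surplus` as the health check (anything above 0 means the firewall is being rebuilt on top of itself) and `emit_delete_commands` as a stopgap to keep the INPUT chain short enough to be useful.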

This was resolved in the Firewall module published to edge.
Run fwconsole ma upgrade firewall --edge


THANK YOU! I’ve tried a lot of different searches without ever finding this info. It took a couple of firewall restarts/flushes before it “set”, but so far it seems to have stabilized at just a single copy of the jails.

That’s because the fix just got pushed yesterday.
[FREEPBX-22674] Duplicate Chains in iptables - System very slow - Sangoma Issue Tracker
