Fail2ban and fwconsole

fail2ban has a lot of utility

fail2ban-client |grep ignoreip

will show commands to check what your version of fail2ban can set/get after all the FPBX firewall rules are done. E.g. try

fail2ban-client  get <JAIL> ignoreip 

if you can, where <JAIL> is revealed by

fail2ban-client status

Hi @dicko - thanks for the reply!

I know the uses for fail2ban-client.

I was more specifically trying to figure out why, after the fwconsole firewall sync command, the trusted IP doesn't get scrubbed from the jail's banned IPs.

/var/www/html/admin/modules/firewall/hooks/dynamic-jails gets run via the cron as part of the sync process and has the code to scrub the IP from the jails if supplied the action = unbanip and settings['ip'] = whitelisted IP from trusted.

I have since created my own script that does something similar and it runs via cron, but I feel like this function should be included with the sync function and reload function.

Unless I am missing yet another flag from the GUI, which is quite possible.
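A cleanup of the kind this post describes can be built from the `fail2ban-client` commands shown earlier in the thread. The script below is an added example, not the poster's script and not FreePBX code; the function names and sample output are constructed, and the trusted IPs are passed as arguments because the thread does not show how the firewall module stores them.

```shell
#!/usr/bin/env bash
# Added example: lift existing fail2ban bans for trusted IPs in every jail.
# The parsers read fail2ban-client output on stdin so they can be checked offline.

# Constructed samples of `fail2ban-client status` and `status <JAIL>` output.
SAMPLE_STATUS='Status
|- Number of jail: 2
`- Jail list: asterisk, sshd'
SAMPLE_JAIL='Status for the jail: asterisk
`- Actions
   |- Currently banned: 2
   `- Banned IP list: 198.51.100.70 203.0.113.5'

# Jail names, one per line, from the "Jail list:" row.
parse_jails() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Banned addresses, one per line, from the "Banned IP list:" row.
parse_banned() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n' | sed '/^$/d'
}

# Print each trusted IP (arguments) found in the banned list on stdin.
# -F -x forces a whole-line literal match, so 198.51.100.7 never matches
# 198.51.100.70. Plain addresses only; CIDR ranges are not expanded.
banned_trusted() {
    banned=$(cat)
    for ip in "$@"; do
        printf '%s\n' "$banned" | grep -Fxq -- "$ip" && printf '%s\n' "$ip"
    done
    return 0
}

# usage: unban_trusted <trusted-ip>...   (needs root and a running fail2ban)
unban_trusted() {
    fail2ban-client status </dev/null | parse_jails | while read -r jail; do
        fail2ban-client status "$jail" </dev/null | parse_banned |
        banned_trusted "$@" | while read -r ip; do
            echo "unbanning $ip from jail $jail"
            fail2ban-client set "$jail" unbanip "$ip" </dev/null
        done
    done
}

# Only act when trusted IPs are given on the command line.
if [ "$#" -gt 0 ]; then unban_trusted "$@"; fi
```

Run from cron after `fwconsole firewall sync`, it prints one line per ban it lifts, which leaves a record of which trusted hosts had been caught by a jail.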

Sorry, I don't use the FPBX firewall, I'm just showing you what your fail2ban is ultimately using. If the culprit network/host is in ignoreip for a particular jail then any tentative 'bans' from your machine or its subnet peers, fail2ban would otherwise show something like in its logs

 . . . .fail2ban.filter         [20775]: INFO    [asterisk] Ignore nnn.nnn.nnn.nnn by ip     

Perhaps add a more lenient ignoreip for the whole subnet.

Also, presumably the whole firewall is using iptables, so iptables -L might find the REJECT/DROP yourIP in some other chain before fail2ban chains are processed.
