We have an issue with a freepbx server banning all the phones attached to it.
The fail2ban log just shows;
2013-05-13 06:58:08,821 fail2ban.actions: WARNING [asterisk-iptables] Unban 10.2.1.11
2013-05-13 06:59:38,912 fail2ban.actions: WARNING [asterisk-iptables] Ban 10.2.1.11
2013-05-13 07:29:38,955 fail2ban.actions: WARNING [asterisk-iptables] Unban 10.2.1.11
Repeat for each IP. It seems that each phone can be affected, but not all phones at once, just phones at random. Often enough to be a real issue though.
The phone server and phones exist on their own VLAN and I wonder whether it might be that. In general Fail2Ban seems very keen to ban devices, it banned my laptop when I plugged in to the voice vlan to make some changes via ssh.
Is there a log that will tell us why fail2ban is banning these devices? I’m keen not to white list the whole subnet as that defeats the point. Equally I’m keen to not white list the phones current IP as they will change every 8 hours.