fail2ban config does not match the gui input parameters

PBX Firmware: 6.12.65-29
FreePBX 12.0.76

it appears that the sysadmin module is adding three lines to the end of the /etc/fail2ban/jail.local file. it correctly adds the values entered in the GUI (bantime, findtime and maxretry) to the top of the file but appends different values at the end of the file.

here are the values that are entered in the gui
ignoreip =
bantime = 186400
findtime = 6000
maxretry = 2
backend = auto

and here are the last three lines in the file
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 20

I believe this belongs in “Commercial Modules” not “General Help”

My jail.local file shows those exact same last lines while I have entered different ‘stuff’/

@Dicko, I am confised as to why this Q should be under ‘commercial’ since fail2ban is the basic intrusion detection system used by FreePBX and I don’t have the commercial version.



You have a problem with the GUI which is part of sysadmin (commercial and closed source) Fail2Ban has been an obvious “basic” add-on for FreePBX users for many years, generally I find it helpful to install it from source, you will have better control :wink:

Note that those are for separate sections.

The default settings are configurable. The recidivist section bans for a week.

enabled = true
filter = recidive
logpath = /var/log/fail2ban.log*
action = iptables-allports[name=recidive, protocol=all]
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 20