Current Asterisk Version: 13.5.0
This is a new install and everything is up and working fine. However, I am still getting these annoying emails that say: The IP 192.168.0.103 has just been banned by Fail2Ban after 5 attempts against SIP on localhost. The entries are coming from the phones on my network. I did some research today and found a couple of forum posts. I modified my jail.conf file and the contents follow. I would have thought that the ignoreip entry would have fixed this. Any help to resolve this is greatly appreciated.
# Fail2Ban jail specifications file
#
# Comments: use '#' for comment lines and ';' for inline comments
#
# Changes: in most of the cases you should not modify this
#          file, but provide customizations in jail.local file, e.g.:
#
# bantime = 3600
# enabled = true

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.0/8 192.168.0.0/16

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#            If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#            If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# auto:      will try to use the following backends, in order:
#            pyinotify, gamin, polling.
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
# warn when reverse DNS lookups are performed, or ignore all hostnames in logs
#
# yes:  if a hostname is encountered, a reverse DNS lookup will be performed.
# warn: if a hostname is encountered, a reverse DNS lookup will be performed,
#       but it will be logged as a warning.
# no:   if a hostname is encountered, will not be used for banning,
#       but it will be logged as info.
usedns = warn

# The jail's section header was lost when the post was published; the name
# [asterisk-iptables] below is assumed from the filter and action used.
[asterisk-iptables]

# This jail corresponds to the standard configuration in Fail2ban 0.6.
# The mail-whois action sends a notification e-mail with a whois request
# in the body.
enabled = true
filter = asterisk
# The second action is a continuation line of "action"; the e-mail addresses
# in it were redacted when the post was published.
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, [email protected], [email protected]]
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 600
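Added illustration, not code from the post or from Fail2Ban: the comments in the posted file say that jail.local customisations override jail.conf and that per-jail settings override [DEFAULT]. The Python below builds that layering with the standard-library INI parser and tests whether an address such as 192.168.0.103 falls under the ignoreip list that is actually in effect for the jail, matching entries the way Fail2Ban does (single address or CIDR block; DNS host entries are not resolved in this offline check). The jail section name [asterisk-iptables] is assumed, since the headers were lost in the post, and the jail.local sample that narrows ignoreip is constructed to show one way a correct-looking jail.conf can still produce bans from the LAN.

```python
"""Compute a Fail2Ban jail's effective ignoreip and test an address against it."""
import configparser
import ipaddress

# Constructed sample based on the posted jail.conf (section name assumed).
JAIL_CONF = """
[DEFAULT]
ignoreip = 127.0.0.0/8 192.168.0.0/16
bantime = 600
findtime = 600
maxretry = 3

[asterisk-iptables]
enabled = true
filter = asterisk
logpath = /var/log/asterisk/full
maxretry = 5
bantime = 600
"""

# Constructed sample jail.local: a per-jail ignoreip silently replaces the
# DEFAULT one, so the 192.168.0.0/16 entry no longer applies to this jail.
JAIL_LOCAL = """
[asterisk-iptables]
ignoreip = 127.0.0.1
"""


def load_jails(*texts):
    """Parse jail.conf followed by jail.local.

    Later sources override earlier ones option by option, and values in
    [DEFAULT] apply to every jail that does not set the option itself,
    which mirrors the layering described in the jail.conf comments.
    """
    cp = configparser.ConfigParser(interpolation=None)
    for text in texts:
        cp.read_string(text)
    return cp


def effective_ignoreip(cp, jail):
    """Return the ignoreip entries in effect for `jail` as a list of strings."""
    return cp.get(jail, "ignoreip", fallback="").split()


def matching_entry(address, entries):
    """Return the first ignoreip entry covering `address`, or None.

    Entries are parsed as networks, so "127.0.0.1" and "192.168.0.0/16" both
    work. Entries that are not addresses (DNS hosts) are skipped here; a real
    Fail2Ban instance would resolve them.
    """
    ip = ipaddress.ip_address(address)
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostname entry, not checked offline
        if ip in net:
            return entry
    return None


def is_ignored(address, entries):
    """True if Fail2Ban would skip banning `address` given these entries."""
    return matching_entry(address, entries) is not None


if __name__ == "__main__":
    phone = "192.168.0.103"  # the LAN address from the ban notification
    for label, sources in (("jail.conf only", (JAIL_CONF,)),
                           ("jail.conf + jail.local", (JAIL_CONF, JAIL_LOCAL))):
        entries = effective_ignoreip(load_jails(*sources), "asterisk-iptables")
        print(f"{label}: ignoreip={entries} -> {phone} ignored: "
              f"{is_ignored(phone, entries)}")
```

The useful check this gives a defender is the second line of output: the phone is covered by 192.168.0.0/16 in jail.conf alone, but not once a jail.local (or a per-jail setting) replaces ignoreip, because the list is overridden rather than merged. On the live system the same question can be put to the running daemon with `fail2ban-client get <jail> ignoreip`, which reports what the daemon actually loaded rather than what the file on disk says; a changed jail file only takes effect after a reload.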