Fail2ban no asterisk jail?


I happened to be on a system digging around, and found that the asterisk.conf does not seem to properly detect the Rejecting unknown SIP connection from… so I created my own asterisk-custom.conf file in the filters.d using

failregex = ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )Ext\. s:.* "Rejecting unknown SIP connection from <HOST>"$

(The current asterisk.conf or asterisk-security.conf file is missing the .* after the s:, so it then doesn’t detect it.)

Running fail2ban-regex /var/log/asterisk/full asterisk-custom.conf gives 219 matches. So the IPs should be getting banned. Nope. Restart fail2ban, wait 10 minutes, nothing, still not banned. I have a very low tolerance for fails… I have a max retry of 4 with a find time of 86400 (4 matches in 24 hours gets you banned).

So, I ran fail2ban-client status, and noticed there’s no asterisk-iptables listed in the jails. Went through the local.conf file, and no jails are set up to use the asterisk filters.

Is there a reason that asterisk-iptables is not running? Using the firewall module too, but would think fail2ban would be in play too…

Thanks in advance,
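
The following is an added example, not part of the original post and not fail2ban's own code: it compares the filter with and without the `.*` on constructed log lines and applies the post's maxretry 4 / findtime 86400 rule to the matches. The `<HOST>` and `%(__pid_re)s` expansions, the `[]` timestamp placeholder, the log line shapes and the helper names are assumptions made for illustration; in fail2ban itself this counting only happens once a jail references the filter.

```python
import re
from collections import defaultdict

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PID_RE = r"(?:\[\d+\])"  # assumed expansion of %(__pid_re)s

def build(ext):
    """Second alternative of the failregex, with `ext` as the 'Ext. s:' part."""
    return re.compile(
        r"^\[\]\s*WARNING" + PID_RE + r":?(?:\[C-[\da-f]*\])? " + ext
        + r'"Rejecting unknown SIP connection from ' + HOST + r'"$')

STOCK = build(r"Ext\. s: ")     # filter without the .*
CUSTOM = build(r"Ext\. s:.* ")  # filter from the post

# Constructed log lines, timestamp already reduced to "[]" (assumption).
LONG = ('[] WARNING[1718][C-0000002a] Ext. s:6 in @ from-sip-external: '
        '"Rejecting unknown SIP connection from %s"')
SHORT = ('[] WARNING[1718][C-0000002b] Ext. s: '
         '"Rejecting unknown SIP connection from %s"')

# (epoch seconds, line); addresses are from documentation ranges.
SAMPLE = ([(t, LONG % "192.0.2.10") for t in (1000, 2000, 3000, 4000)]
          + [(t, LONG % "198.51.100.7") for t in (0, 30000, 60000, 90000)]
          + [(500, SHORT % "203.0.113.5")])

def would_ban(regex, events, maxretry=4, findtime=86400):
    """Hosts reaching maxretry matching lines inside any findtime window."""
    hits = defaultdict(list)
    banned = set()
    for ts, line in sorted(events):
        m = regex.match(line)
        if not m:
            continue
        times = hits[m.group("host")]
        times.append(ts)
        # Keep only the failures that fall inside the window ending at ts.
        times[:] = [t for t in times if ts - t < findtime]
        if len(times) >= maxretry:
            banned.add(m.group("host"))
    return banned

if __name__ == "__main__":
    print("stock :", sorted(would_ban(STOCK, SAMPLE)))
    print("custom:", sorted(would_ban(CUSTOM, SAMPLE)))
```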