Fail2Ban not creating IPTables properly?

ashcortech · November 29, 2022, 11:33am

FreePBX15 & 16

I don’t think Fail2Ban (or possibly iptables) is working properly. I have a few systems getting hammered by a 128.90.0.0 network (which is a VPN service). constant brute force attacks on sip. In the fail2ban gui in FreePBX it’s showing dozens of entries for 128.90.x.x networks… but if I do an iptables -L in the cli, I just see mostly

REJECT all – undefined.hostname.localhost anywhere reject-with icmp-port-unreachable

in the Chain fail2ban-Sip section.

no reference at all to any 128.90.x.x IPs.

Also, if I try to add an iptables rule manually it won’t add it.

iptables -A INPUT -s 128.90.0.0/16 -j DROP

this rule never appears in iptables list if I do an iptables -L

Thoughts?

PitzKey · November 29, 2022, 12:09pm

Try adding through the firewall
https://wiki.freepbx.org/display/FPG/Firewall+Custom+Rules

Then check iptables using:

iptables --list -n

…to inhibit reverse DNS lookups.

ashcortech · November 29, 2022, 9:32pm

That wiki link is NG.

system · December 30, 2022, 9:33pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.