FreePBX15 & 16
I don’t think Fail2Ban (or possibly iptables) is working properly. I have a few systems getting hammered by a 128.90.0.0 network (which is a VPN service). constant brute force attacks on sip. In the fail2ban gui in FreePBX it’s showing dozens of entries for 128.90.x.x networks… but if I do an iptables -L in the cli, I just see mostly
REJECT all – undefined.hostname.localhost anywhere reject-with icmp-port-unreachable
in the Chain fail2ban-Sip section.
no reference at all to any 128.90.x.x IPs.
Also, if I try to add an iptables rule manually it won’t add it.
iptables -A INPUT -s 128.90.0.0/16 -j DROP
this rule never appears in iptables list if I do an iptables -L
Thoughts?