I have a fail2ban notification setup – see: “The IP 147.135.112.34 has just been banned by Fail2Ban after 92 attempts against SIP”
For some reason these never stayed blocked so I’ve been individually adding them to the blacklist in the firewall. I’m not even sure why this one got 92 attempts when I have it set to 3 in fail2ban.
Is there a way to perm block entries? Is there an easy way to block domains from other countries?
dicko
(dicko)
January 7, 2022, 10:03pm
2
Let’s start with how you set up FreePBX, on what OS (distro or hand rolled) and what ‘firewall’ you are using.
Given that knowledge, then the version of fail2ban is relevant and the order of iptables Chains/rules would need fail2ban’s recidive jail working and that the fail2ban chains be added before other chains.
Post the output of
iptables -L -n |grep Chain
Thank you for the response.
FreePBX 16.0.10.46
Please note most tasks should be handled through the GUI.
You can access the GUI by typing one of the above IPs in to your web browser.
For support please visit:
Training & Support | FreePBX - Let Freedom Ring
[root@ ~]# iptables -L -n |grep Chain
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain fail2ban-BadBots (1 references)
Chain fail2ban-FTP (1 references)
Chain fail2ban-PBX-GUI (1 references)
Chain fail2ban-SIP (1 references)
Chain fail2ban-SSH (1 references)
Chain fail2ban-apache-auth (1 references)
Chain fail2ban-api (1 references)
Chain fail2ban-openvpn (1 references)
Chain fail2ban-recidive (1 references)
Chain fpbx-rtp (1 references)
Chain fpbxattacker (6 references)
Chain fpbxblacklist (1 references)
Chain fpbxchecktempwhitelist (1 references)
Chain fpbxfirewall (1 references)
Chain fpbxhosts (1 references)
Chain fpbxinterfaces (1 references)
Chain fpbxknownreg (16 references)
Chain fpbxlogdrop (1 references)
Chain fpbxnets (1 references)
Chain fpbxratelimit (1 references)
Chain fpbxregistrations (1 references)
Chain fpbxreject (1 references)
Chain fpbxrfw (1 references)
Chain fpbxshortblock (2 references)
Chain fpbxsignalling (1 references)
Chain fpbxsmarthosts (1 references)
Chain fpbxsvc-api (2 references)
Chain fpbxsvc-api_ssl (2 references)
Chain fpbxsvc-chansip (1 references)
Chain fpbxsvc-ftp (1 references)
Chain fpbxsvc-http (1 references)
Chain fpbxsvc-https (1 references)
Chain fpbxsvc-iax (1 references)
Chain fpbxsvc-isymphony (0 references)
Chain fpbxsvc-letsencrypt (0 references)
Chain fpbxsvc-nfs (0 references)
Chain fpbxsvc-ntp (1 references)
Chain fpbxsvc-pjsip (1 references)
Chain fpbxsvc-provis (1 references)
Chain fpbxsvc-provis_ssl (1 references)
Chain fpbxsvc-restapps (2 references)
Chain fpbxsvc-restapps_ssl (1 references)
Chain fpbxsvc-smb (0 references)
Chain fpbxsvc-ssh (1 references)
Chain fpbxsvc-tftp (1 references)
Chain fpbxsvc-ucp (2 references)
Chain fpbxsvc-vpn (0 references)
Chain fpbxsvc-webrtc (0 references)
Chain fpbxsvc-xmpp (0 references)
Chain fpbxsvc-zulu (1 references)
Chain fpbxtempwhitelist (1 references)
Chain lefilter (1 references)
Chain rejsvc-isymphony (1 references)
Chain rejsvc-nfs (1 references)
Chain rejsvc-provis (1 references)
Chain rejsvc-smb (1 references)
Chain rejsvc-vpn (1 references)
Chain rejsvc-webrtc (1 references)
Chain rejsvc-xmpp (1 references)
Chain zone-external (0 references)
Chain zone-internal (5 references)
Chain zone-other (0 references)
Chain zone-trusted (22 references)
[root@24408486 ~]# Chain INPUT (policy ACCEPT)
-bash: syntax error near unexpected token `('
[root@24408486 ~]# Chain FORWARD (policy ACCEPT)
-bash: syntax error near unexpected token `('
dicko
(dicko)
January 7, 2022, 10:36pm
4
It is noted that it ‘should’, your sh request for ‘Chain INPUT (policy ACCEPT)’ came from where?
The content of your INPUT chain might well prevent fail2ban doing its stuff
iptables -L INPUT
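An added example, not part of any post in this thread: iptables evaluates INPUT rules in order, so a jump to a fail2ban chain that sits after a chain which already decides the packet is never reached. The function below reads `iptables -S INPUT` style text and lists such late fail2ban jumps; that `fpbxfirewall` is the deciding chain, and both sample rule sets, are assumptions constructed for illustration.

```shell
# Added example: report fail2ban jumps in INPUT that come after another chain.
# Input: rule text in `iptables -S INPUT` format on stdin.
# $1: the chain that fail2ban must precede (fpbxfirewall is assumed here; the
#     name is taken from the chain listing earlier in this thread).
late_f2b_jumps() {
  awk -v other="${1:-fpbxfirewall}" '
    $1 == "-A" && $2 == "INPUT" {
      target = ""
      # the jump target is the word following -j
      for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
      if (target == other) seen = 1
      else if (seen && target ~ /^fail2ban-/) print target
    }'
}

# Constructed sample: fail2ban chains are consulted too late.
sample_bad='-P INPUT ACCEPT
-A INPUT -j fpbxfirewall
-A INPUT -p udp -m multiport --dports 5060,5061 -j fail2ban-SIP
-A INPUT -j fail2ban-recidive'

# Constructed sample: fail2ban chains are consulted first.
sample_good='-P INPUT ACCEPT
-A INPUT -j fail2ban-recidive
-A INPUT -p udp -m multiport --dports 5060,5061 -j fail2ban-SIP
-A INPUT -j fpbxfirewall'

echo "late jumps in bad sample:"
printf '%s\n' "$sample_bad" | late_f2b_jumps
echo "late jumps in good sample (none expected):"
printf '%s\n' "$sample_good" | late_f2b_jumps

# On a live system (as root): iptables -S INPUT | late_f2b_jumps
```

Any chain name it prints is a jail whose bans cannot take effect for traffic the earlier chain has already accepted.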
sorvani
(Jared Busch)
January 9, 2022, 4:16am
5
Short answer: No and no.
Longer Answer: of course, it is fail2ban, you can do lots of things. But the problem with running a distro system is the old version of fail2ban in use. Also, by using the distro, the distro should be the “owner” of your various security stuff, and the distro has no such built-in functionality. You can get around it, but it is honestly just a waste of time. Turn off the responsive firewall and just whitelist your known good IP addresses. Then you don’t have to worry. Of course if you have roaming users you may want it on, there is not much you can do then.
Sorvani thank you for the excellent comment.