For the past 12 hours I have been getting the following mails from my FreePBX:
Hi,
The IP <IP> has just been banned by Fail2Ban after
73 attempts against SIP on localhost.
Regards,
Fail2Ban
The FreePBX is a VPS hosted by Vultr and I have set up the Vultr firewall to only allow ports 80, 443, 5060, 10000-20000 and 22222. Port 80 from anywhere for Let’s Encrypt and all other ports from my WAN address. So why am I getting Fail2Ban messages from other addresses?
Fail2Ban currently doesn’t show any blocked addresses and it hasn’t sent mails as of 3.58 AM.
If you are allowing 5060 from anywhere then anyone is allowed to try and register to your server. Perhaps you could implement a default DROP policy for your INPUT and only allow known IPs?
I’m allowing ports 443, 5060, 10000-20000 and 22222 only from the offices, so not anywhere. The last rule in the firewall drops all other incoming traffic.
The IP that got banned is an IP I’m not allowing. It hasn’t happened however, so I’m guessing it’s a glitch in the Vultr firewall which I’m going to talk to them about.
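A way to check the situation discussed in this thread, as an added example that is not part of the original posts: it reads Fail2Ban action log lines and reports every ban whose source address lies outside the firewall allowlist, which is evidence that traffic got past the upstream filter. The allowlist networks, the jail name `asterisk-iptables` and the sample log lines are constructed assumptions using documentation address ranges.

```python
import ipaddress
import re

# Assumption: office WAN ranges the upstream firewall permits (documentation addresses).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.10/32", "192.0.2.0/29")]

# Matches Fail2Ban action lines such as "... NOTICE [jail] Ban 203.0.113.77".
# "Found" (filter) and "Unban" lines are deliberately not matched.
BAN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) fail2ban\.actions\s*\[\d+\]: \w+\s+"
    r"\[(?P<jail>[^\]]+)\] Ban (?P<ip>\S+)$"
)

def unexpected_bans(lines, allowed=ALLOWED_NETS):
    """Return (timestamp, jail, ip) for bans whose source is outside the allowlist.

    Any hit means packets from that address reached the host, so the upstream
    filter did not drop them or the service is reachable by another path.
    """
    hits = []
    for line in lines:
        m = BAN_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP literal, skip rather than guess
        if not any(ip in net for net in allowed if net.version == ip.version):
            hits.append((m.group("ts"), m.group("jail"), str(ip)))
    return hits

# Constructed sample log lines (not taken from the poster's system).
SAMPLE_LOG = """\
2024-01-10 03:41:07,512 fail2ban.filter  [1201]: INFO    [asterisk-iptables] Found 203.0.113.77
2024-01-10 03:41:09,118 fail2ban.actions [1201]: NOTICE  [asterisk-iptables] Ban 203.0.113.77
2024-01-10 03:52:30,004 fail2ban.actions [1201]: NOTICE  [asterisk-iptables] Ban 192.0.2.3
2024-01-10 03:58:12,660 fail2ban.actions [1201]: NOTICE  [asterisk-iptables] Unban 203.0.113.77
""".splitlines()

if __name__ == "__main__":
    for ts, jail, ip in unexpected_bans(SAMPLE_LOG):
        print(f"{ts} [{jail}] ban for {ip}: not in the firewall allowlist")
```

The timestamps of any hits can be handed to the hosting provider alongside the firewall rule set when asking why the traffic was not dropped.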