Firewall/Fail2Ban blocking entire subnet occasionally

We are experiencing an issue with a block of IPs being blocked by either the Firewall or Fail2Ban. Our current route for external traffic is Cloudflare → AWS ELB → FreePBX. We do have EC2 instances that will reach out directly to FreePBX without going through the ELB or Cloudflare. Occasionally, for whatever reason, most traffic is blocked from accessing FreePBX by HTTP/S and SSH. This includes traffic coming from whitelisted subnets in the System Administration module and inside the Firewall module. The only way we can access the FreePBX server when this happens is by directly browsing to the public IP of the EC2 instance, which for some reason seems to bypass the firewall entirely. The fix we have been doing for months now has been to just restart the firewall, and everything starts working again. I have combed through the logs to see if I notice anything, but I don't. Typically when Fail2Ban blocks an IP address we receive an email; however, when this happens we don't. It is worth noting that we are not using the responsive firewall. Does anyone have any idea where to look?

At the time of a block use

iptables -nL

to see in which chain the rule was added.
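As an added example (not part of this thread and not FreePBX or fail2ban code), the script below does the lookup that reply describes: it reads `iptables -nL` output, tracks which chain each rule belongs to, and reports every DROP/REJECT rule whose source column (a single host or a CIDR) covers the address you are investigating. The embedded ruleset is a constructed sample; the `f2b-<jail>` chain name follows fail2ban's default convention, while `sample-blacklist` is made up for the example. On a live box, pipe the real output in instead: `iptables -nL | find_ban_chain 203.0.113.7`.

```shell
#!/bin/sh
# Added example: find which iptables chain holds a DROP/REJECT rule covering
# a given IPv4 address, from `iptables -nL` output.

# Constructed sample of `iptables -nL` output. "f2b-sshd" follows fail2ban's
# default f2b-<jail> naming; "sample-blacklist" is an invented chain name.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
sample-blacklist  all  --  0.0.0.0/0     0.0.0.0/0

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain sample-blacklist (1 references)
target     prot opt source               destination
DROP       all  --  198.51.100.0/24      0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# find_ban_chain ADDR  < iptables-dump
# Prints "CHAIN TARGET SOURCE" for each DROP/REJECT rule whose source column
# contains ADDR. Exit status 0 if at least one was found, 1 otherwise.
find_ban_chain() {
    awk -v ip="$1" '
        # Convert dotted-quad to an integer (fits exactly in awk doubles).
        function ip2int(s,    p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        # Does the source column (host or CIDR) contain addr?
        function covers(src, addr,    parts, n, bits, blk) {
            n = split(src, parts, "/")
            bits = (n == 2) ? parts[2] + 0 : 32
            if (bits == 0) return 0          # 0.0.0.0/0 is a catch-all, not a ban
            blk = 2 ^ (32 - bits)            # block size; dividing drops host bits
            return int(ip2int(parts[1]) / blk) == int(ip2int(addr) / blk)
        }
        /^Chain / { chain = $2; next }       # "Chain NAME (...)" starts a new chain
        $1 == "target" || NF == 0 { next }   # column header / blank separator
        ($1 == "DROP" || $1 == "REJECT") && covers($4, ip) {
            print chain, $1, $4
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Run the lookup against the constructed sample instead of the live ruleset.
check_sample() {
    printf '%s\n' "$SAMPLE_RULES" | find_ban_chain "$1"
}

# Demo: a banned host, a host inside a blocked /24, and an unaffected host.
for addr in 203.0.113.7 198.51.100.42 192.0.2.1; do
    check_sample "$addr" || echo "$addr: no DROP/REJECT rule found"
done
```

The chain name in the output tells you who added the rule: a `f2b-` chain points at a fail2ban jail, anything else at the firewall module's own tables. Checking the source column against a CIDR rather than an exact string matters here because a whole subnet being blocked, as in the original post, shows up as one `/24`-style rule rather than one line per host.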


The strange thing is that HTTP/S is the only accessible thing from the public IP of the EC2 instance when this happens. SSH will become available by hostname and direct IP once the firewall is restarted. Not sure how HTTP/S is available but SSH isn't during the firewall block.

Perhaps it wouldn’t be so strange if you did as I asked :wink:

If the firewall is blocking SSH access into the server, how am I supposed to run that command? Like I said, the only thing accessible is the web interface.

Keep an SSH session up; it should stay up through a "ban" rule being added.


The console is always available.
