Integrated Firewall does not use Fail2ban chains

Not sure if this is a problem but I noticed that the Distro integrated firewall (13.0.40.1) does not seem to create fail2ban chains in the firewall unless fail2ban is re-started from System Admin.

On System start or fwconsole restart:
[[email protected] ~]# iptables -L fail2ban-SIP
iptables: No chain/target/match by that name.
[[email protected] ~]#

AFTER fail2ban restart
[[email protected] ~]# iptables -L fail2ban-SIP
Chain fail2ban-SIP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
[[email protected] ~]#
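
A check for the two states shown in the post above (chain missing after system start, chain present with one reference after a fail2ban restart), as an added example that is not code from this thread or from FreePBX. It parses `iptables -S` text; the function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample rule sets below are constructed, not captured output.

# check_chain NAME  (reads `iptables -S` text on stdin)
#   exit 0: chain is defined and some other chain jumps to it
#   exit 1: chain is not defined (the state shown after system start)
#   exit 2: chain is defined but nothing jumps to it, so bans never match
check_chain() {
    awk -v chain="$1" '
        $1 == "-N" && $2 == chain { defined = 1 }
        $1 == "-A" && $2 != chain {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) refs++
        }
        END { if (!defined) exit 1; if (!refs) exit 2 }
    '
}

# chain_state NAME: prints OK, MISSING or UNHOOKED for the rules on stdin.
chain_state() {
    rc=0
    check_chain "$1" || rc=$?
    case $rc in
        0) echo OK ;;
        1) echo MISSING ;;
        *) echo UNHOOKED ;;
    esac
}

# Constructed: firewall loaded, fail2ban chain never created.
sample_after_boot() { cat <<'EOF'
-P INPUT ACCEPT
-N example-fw
-A INPUT -j example-fw
EOF
}

# Constructed: chain present with one reference, as after the restart.
sample_after_restart() { cat <<'EOF'
-P INPUT ACCEPT
-N fail2ban-SIP
-A INPUT -j fail2ban-SIP
-A fail2ban-SIP -j RETURN
EOF
}

echo "after boot:    $(sample_after_boot | chain_state fail2ban-SIP)"
echo "after restart: $(sample_after_restart | chain_state fail2ban-SIP)"
# Live use (as root): iptables -S | chain_state fail2ban-SIP
```

Run from cron or a monitoring agent after boot, a MISSING or UNHOOKED result means the jail can log matches without any packet ever being dropped.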

What does fail2ban-client status show? On my systems (which I’ve already modified with changes to jail.conf and asterisk-custom.conf (in filter.d) to make sure we catch the Unknown SIP connections). I tested on a few of my systems, and can confirm the behavior you’re describing. Maybe you should file a bug report.
Note: the fail2ban-SIP jail only has one rule in it (/etc/fail2ban/filter.d/freepbx.conf), looking for authentication failure for .* from , so that will only catch login attempts. My larger concern is that none of the asterisk-*.conf files in the filter.d folder are being used…

If the responsive firewall is enabled, it probably can’t let fail2ban block the offending IP on the first couple of attempts as this is contrary to the desired behavior.

Not sure how this should be handled as the responsive firewall is kinda cool but a bit too relaxed for my taste. Maybe after allowing x amount of register attempts, pass it to fail2ban so whatever setting we have defined there kicks in?

Or maybe fail2ban settings should trump the responsive firewall settings so if I set fail2ban to block an IP after x attempts then the responsive firewall should allow it. Rob, any comments?