IP address keeps getting banned even when excluded in Firewall


(Volkswagner) #1

I have a remote location with two Yealink devices.

I have a DNS name added to the firewall as “trusted - excluded from firewall” yet
the ip still get’s banned in fail2ban asterisk-iptables.

I’m running FreePBX 14.0.13.40

I’m not sure what to do to prevent these devices from getting banned.

After adding the hostname, to firewall to I have to manually reload/restart anything?

What can I do to further troubleshoot?
What should I look for in logs?

I do see “Failed to authenticate” for the remote extension, but why is it getting banned. I have
a feeling remote network issues may be causing the failures but I’ll need to do a packet capture
to know for sure.

Should the IP still get banned for failures if it’s excluded in firewall network as trusted?

Well, I do see something interesting:
Request ‘INVITE’ from ‘sip:49.144.111.111

It seems the phone is not sending the authname, or it’s getting lost somewhere.

Thanks!


(Jared Busch) #2

Upgrade to Edge.
https://community.freepbx.org/t/major-facelift-to-the-freepbx-firewall/71750