More useful Responsive Firewall + Fail2Ban notification settings

I am looking for some suggestions on how to improve Fail2Ban notification emails with the Responsive Firewall enabled.

I love getting the Fail2Ban notifications as they alert me to a potential problem on a given system. Sometimes the firewall was disabled during an update and I have to manually enable it and I find out through Fail2Ban for example.

However on systems with the Responsive Firewall enabled (mostly so that we can support remote phones and Sangoma Connect on cell phones) we end up getting so many that it borders rendering those notifications useless because of how many I get.

Does anyone have a good configuration in place that would allow me to keep the Fail2Ban notifications still coming but it doesn’t send me any for the IPs that have been handled by the Responsive Firewall?

Are you using the default ports for UDP, TCP and TLS???

We change all of your ports for UDP, TCP and TLS to non-standard ports and have lots of remote phones out there using TLS and clients running Sangoma Connect and we get maybe 2-3 Fail2Ban notification emails in 2-3 months that it blocked an attempt…Its definitely not often…

Maybe try changing your ports if you are using default ports…

Huh, that’s actually a great suggestion. However we do have some systems with a SIP trunk provider that doesn’t have the option to configure their connection on non standard SIP ports.

Does Sangoma Connect automatically know what the non standard SIP ports are if you change those on the system?

Yes.

I would say that’s a limitation of the provider and they should be aware how this impacts their customers.

1 Like

Very fair.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.