Own Entries to Fail2Ban jail.local

Hi all,

as I want to use some additional VoIP blacklists for Fail2Ban (voipbl.org / blocklist.de), I'm in need of some additional entries in jail.local / jail.conf. I'm using FreePBX-Distro 6.12.65-27 and I don't want to uninstall the Sysadmin module.

For voipbl.org the following line has to be added to the action:

voipbl[serial=XXXXXXXXXX]

Full example will be:

[asterisk-iptables]
action = iptables-allports[name=ASTERISK, protocol=all]
         voipbl[serial=XXXXXXXXXX]

Is there any way to do this? For example: Is it possible to change the template for jail.local or the script which generates the file jail.local?

Additionally, I would like to suggest adding a possibility to include one's own jail file in the generated jail.local in FreePBX-Distro.

Best regards,
Patrick B.

You could easily install CSF and add:-

BLDE|86400|0|http://lists.blocklist.de/lists/sip.txt
VOIPBL|86400|0|http://www.voipbl.org/update/

to /etc/csf/csf.blocklists, you will need to defer fail2ban to CSF

/etc/csf/csfpost.sh
#!/bin/sh
/etc/init.d/fail2ban start

and

/etc/csf/csfpre.sh
#!/bin/sh
/etc/init.d/fail2ban stop

That way you will have all of the benefits of a firewall as well as fail2ban’s dynamic filtering. RBLs are not really dynamic and don’t belong in fail2ban but in the underlying iptables, and if ipset is available (not on most hosted solutions) it can “hash” the large tables efficiently. If your system supports it, then edit csf.conf:

LF_IPSET = "1"
DENY_IP_LIMIT = "2000" # (for example)
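
The point above about large blocklists living in an ipset rather than in fail2ban, as an added example (not code from this thread, CSF or voipbl.org): it sanitizes a downloaded list and emits `ipset restore` input that fills a temporary set and swaps it in. The set name `voipbl`, the protected networks and the sample feed are constructed assumptions.

```python
import ipaddress

# Constructed sample feed (documentation ranges plus deliberately bad lines).
SAMPLE_FEED = """# constructed sample, not real blocklist data
203.0.113.7
198.51.100.0/24
198.51.100.25
203.0.113.7
10.0.0.5
0.0.0.0/0
not-an-ip
"""
# Assumption: networks that must never be blocked (own LAN, SIP trunk).
PROTECTED = ("10.0.0.0/8", "192.0.2.10/32")

def parse_feed(text, protected=(), min_prefix=16):
    """Return (collapsed IPv4 networks, [(entry, reason)]) for a text feed."""
    guard = [ipaddress.IPv4Network(p) for p in protected]
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((entry, "prefix too broad"))
        elif any(net.overlaps(g) for g in guard):
            rejected.append((entry, "overlaps protected network"))
        else:
            nets.append(net)
    # Duplicates and hosts already covered by a listed CIDR are merged away.
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore(name, nets, maxelem=131072):
    """Build `ipset restore` input that fills a temp set, then swaps it in."""
    if len(nets) > maxelem:
        raise ValueError("feed larger than maxelem; raise the limit")
    tmp, spec = name + "-tmp", f"hash:net family inet maxelem {maxelem}"
    lines = [f"create {name} {spec}", f"create {tmp} {spec}", f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED, PROTECTED)
    print(ipset_restore("voipbl", nets), end="")   # load: ipset -exist restore
    for entry, reason in rejected:
        print(f"# rejected {entry}: {reason}")
```

Load the output with `ipset -exist restore` and match the set from a single rule such as `iptables -I INPUT -m set --match-set voipbl src -j DROP`; the swap means the live set is never empty during a refresh.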