In freepbx 15, is there a way to permanently ban IP’s in intrusion detection?
I’ve already set the ban time to -1, but when freepbx is restarted all the banned IP’s are gone.
Thanks
In freepbx 15, is there a way to permanently ban IP’s in intrusion detection?
I’ve already set the ban time to -1, but when freepbx is restarted all the banned IP’s are gone.
Thanks
In FIrewall >> Services (right side menu) >> Blacklist, you can permanently block IPs there
That’s manually banning IP’s though, right? Whereas Intrusion Detection automatically ban’s the IP’s without human intervention. Much more useful.
So to clarify, is there a way to configure Intrusion Detection in FreepBX 15 to permanently ban IP’s, even after restarting?
Fail2ban versions greater than 0.8 do that natively as the bans maintain over a restart. Ensure the recividist jail is operational.
@dicko that’s strange. This is the fail2ban version in FreePBX 15
[root@freepbx ~]# fail2ban-client -V
Fail2Ban v0.8.14
Did you mean the recidive jail? This is it’s status.
Status for the jail: recidive
|- filter
| |- File list: /var/log/fail2ban.log-20191108 /var/log/fail2ban.log
| |- Currently failed: 2
| `- Total failed: 2
`- action
|- Currently banned: 0
| `- IP list:
`- Total banned: 0
You would have to take that up with your packager.
Unfortunately that version of Fail2ban holds it’s bans in memory, the recidive data goes away along with everything else on a restart of Fail2ban and has to be derived from the log file which might or might not be useful. 0.9 moved to sqlite3 for it’s datastore
Well, I don’t know what’s going on, but I upgraded to version 9 using these commands
wget https://github.com/fail2ban/fail2ban/releases/download/0.9.0/fail2ban-0.9.0.tar.gz
tar -zxvf fail2ban-0.9.0.tar.gz
cd fail2ban-0.9.0
./setup.py install
and this is confirmation that fail2ban was upgraded
[root@freepbx ~]# fail2ban-client -V
Fail2Ban v0.9.0
But still when fail2ban is restarted, all the IP’s in Intrusion Detection disappear.
I can’t speak for the GUI as I can’t use it but at the bottom of Fail2ban working . . .
fail2ban-client status asterisk
Will show the current bans imposed , if you want tt investigate causes, jails etc,
sqlite3 /var/lib/fail2ban/fail2ban.sqlite3
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.