Permanently ban ip's in freepbx15


#1

In freepbx 15, is there a way to permanently ban IP’s in intrusion detection?
I’ve already set the ban time to -1, but when freepbx is restarted all the banned IP’s are gone.

Thanks


(Moussa) #2

In FIrewall >> Services (right side menu) >> Blacklist, you can permanently block IPs there


#3

That’s manually banning IP’s though, right? Whereas Intrusion Detection automatically ban’s the IP’s without human intervention. Much more useful.

So to clarify, is there a way to configure Intrusion Detection in FreepBX 15 to permanently ban IP’s, even after restarting?


#4

Fail2ban versions greater than 0.8 do that natively as the bans maintain over a restart. Ensure the recividist jail is operational.

https://www.fail2ban.org/wiki/index.php/Downloads


#5

@dicko that’s strange. This is the fail2ban version in FreePBX 15

[root@freepbx ~]# fail2ban-client -V
Fail2Ban v0.8.14

Did you mean the recidive jail? This is it’s status.

Status for the jail: recidive
|- filter
|  |- File list:        /var/log/fail2ban.log-20191108 /var/log/fail2ban.log
|  |- Currently failed: 2
|  `- Total failed:     2
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

#6

You would have to take that up with your packager.

Unfortunately that version of Fail2ban holds it’s bans in memory, the recidive data goes away along with everything else on a restart of Fail2ban and has to be derived from the log file which might or might not be useful. 0.9 moved to sqlite3 for it’s datastore


#7

Well, I don’t know what’s going on, but I upgraded to version 9 using these commands

wget https://github.com/fail2ban/fail2ban/releases/download/0.9.0/fail2ban-0.9.0.tar.gz
tar -zxvf fail2ban-0.9.0.tar.gz
cd fail2ban-0.9.0
./setup.py install

and this is confirmation that fail2ban was upgraded

[root@freepbx ~]# fail2ban-client -V
Fail2Ban v0.9.0

But still when fail2ban is restarted, all the IP’s in Intrusion Detection disappear.


#8

I can’t speak for the GUI as I can’t use it but at the bottom of Fail2ban working . . .

fail2ban-client status asterisk

Will show the current bans imposed , if you want tt investigate causes, jails etc,

sqlite3 /var/lib/fail2ban/fail2ban.sqlite3


(system) closed #9

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.