Stop fail2ban permanentlyin freepbx 13

mrsassan56 · February 3, 2017, 5:17pm

how to stop fail2ban permanently in freepbx 13
every time i stoped it after a whilte its comoing back
i used also
chkconfig fail2ban off

but after rester server its comming back

GSnover · February 3, 2017, 6:13pm

Fail-2-Ban only kicks in if someone is trying to hack you, or you have devices that are not correctly configured (old credentials and the like) and if you take a minute under System Admin -> Intrusion Detection and exclude your LAN you won’t even have the problem there.

Why would you want to turn it off? It is a REALLY good thing to have it on…

cynjut · February 3, 2017, 6:25pm

I agree with @GSnover in this, Turning Fail2Ban off is a really, really, really bad idea.

Make sure you set up the Integrated Firewall correctly and you will have a reasonably secure system that doesn’t have the problems you are having.

mrsassan56 · February 3, 2017, 6:53pm

My setup is local
I added my local network in intrusion detection
But every day its blocked some of authenticated phone and drop active calls

cynjut · February 3, 2017, 7:03pm

If the phone is authenticated, Fail2Ban will not be invoked.

Fail2Ban will never drop an in-progress call unless someone is trying to hack your system from that address.

You have a different problem than Fail2Ban.

mrsassan56 · February 4, 2017, 7:00am

its right but yesterday all staf is out of office but two phone is block
i check both thats already registerd
my be there is something wrong with fail2ban i know
so try to disalbe its pemanently

cynjut · February 4, 2017, 6:26pm

You are the only one having a problem that would be manifesting itself in literally thousands of installations. It is not a problem with fail2ban, it is a problem with the way you have your system set up. You have not even begun to give us the information we need to help you, and I don’t think anyone is willing to take the responsibility for you losing thousands of dollars from fraudulent calling, so I (for one) am going to stand my ground on this and say that you really need to fix your installation.

mrsassan56 · February 4, 2017, 7:23pm

im agree about fail2ban
also i have many installation thats work fine
i have installed it manually many times and its worked like charm always

my be something wrong with my installation this time
my local area network is 192.168.120.0/24 and i add it to intrusion detection as whitelist

for example this is fail2ban log

2017-01-03 03:48:13,833 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 03:49:22,938 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 04:19:23,177 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 04:20:33,301 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 04:50:34,229 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 04:51:43,327 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 05:21:44,197 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 05:22:52,307 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 05:52:53,316 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 05:54:03,440 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 06:24:03,662 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 06:25:13,762 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 06:55:13,830 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 06:56:22,934 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 07:26:23,007 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 07:27:30,112 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 07:57:31,099 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-03 07:58:40,196 fail2ban.actions[7527]: WARNING [asterisk-iptables] Ban 192.168.120.144
2017-01-03 07:58:42,775 fail2ban.actions[7527]: WARNING [recidive] Ban 192.168.120.144
2017-01-03 08:28:41,149 fail2ban.actions[7527]: WARNING [asterisk-iptables] Unban 192.168.120.144
2017-01-07 15:52:30,702 fail2ban.actions[7527]: WARNING [recidive] Unban 192.168.120.144
2017-01-07 15:52:30,714 fail2ban.actions.action[7527]: ERROR iptables -D fail2ban-recidive -s 192.168.120.144 -j REJECT --reject-with icmp-port-unreachable returned 100

this phone is grandstream 1625 and it is registerd phone so some times suddenly this happend and call drops

this my problem

supportsylvain · July 24, 2019, 11:34pm

he is not had many phone blocked by fail2ban over the last year , i don’T want fail2ban and iptables in myh system but im not able to completely remove them

HughPH · August 26, 2020, 12:25am

What’s wrong with answering the question? Fail2ban is nothing but a pain in the arse when you’re trying to get going with this stuff.

chmod -x /bin/fail2ban-*

When you’ve got stuff actually working, just change the -x for +x

lgaetz · September 25, 2020, 12:25am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.