I see a strange issue with fail2ban on FreePBX 17.
Sysadmin version: 17.0.2.4, Intrusion Detection Sync Firewall legacy mode.
We got one IP address banned because of wrong password used, so that’s correct. We fixed the issue one day ago and have put the public IP address in the whitelist on intrusion detection temporally. One day later we removed the IP from the whitelist but fail2ban directly bans the same IP address (with as the reason - SIP). In the logs I do not see any event that can cause this ban, I only see good registration attempts (SuccessfulAuth and ChallengeSent), no events by the fail2ban jail regex happen…
My company has had this issue. If you look in /etc/fail2ban/jail.local on a FreePBX 16 system, you will see the IPs you exempt under
[DEFAULT]
ignoreip =
FreePBX 17 doesn’t add the entries. My colleague at my company opened a bug report about this, but he’s away on vacation right now and I don’t see the bug still open. I could be missing it though.
I confirmed that the FreePBX 17 system I checked has up to date modules. It looks like it’s showing only the IPs on the local interfaces and nothing from the list of exceptions that I added in the GUI in Intrusion Detection.
Confirmed with firewall module ver 17.0.1.30. If the firewall advanced setting “Intrusion Detection Sync Firewall” is set to enabled, then the firewall module DOES NOT ADD IPs to the fail2ban whitelist config. You can work around this by setting Intrusion Detection Sync Firewall to legacy. @kgupta has this been reported yet?
I’m editing my post because I had asked how to change Detection Sync Firewall to legacy. I found it from another forum post. Click on the three gears in the Intrusion Detection panel in System Admin. It pops up another box with Advanced Settings. That gives you the option to change to legacy mode.
Edit again: This wipes out (or hides maybe, I’m not sure) the IPs that I had whitelisted in the GUI. I have them in a list in a file, so I pasted them back in again. Now they all show up in jail.local just like in FreePBX 16. Thank you @kingarthur