The firewall of FreePBX has operational errors that may affect normal SIP service usage and control of FreePBX

I have recently been preparing to use FreePBX to build a private network phone system. After running the installation process, I started configuring the FreePBX server.
Less than ten minutes into the configuration, the web GUI could no longer be accessed. I tried using the ping command to probe the FreePBX server but could not get a response. At first I thought a crash caused by insufficient resources was to blame, but when I opened the console of the KVM virtualization host running FreePBX, I found that FreePBX had been very idle from start to finish.
Then I accessed the server's backend through SSH to check the loaded services, and the fail2ban service stood out prominently in the list. That suggested the firewall might have blocked legitimate requests, so I shut it down and everything went back to normal.
I thought it was because the officially packaged image was too new, so I replaced it with an older version 15 image. However, I still have to stop the fail2ban service manually.
I also tried to uninstall the fail2ban firewall helper, but found that the main program depends on it, so it cannot be uninstalled with the yum command. I tried stopping it and disabling it at startup; although that solved the problem for a while, it takes effect again after a shutdown and restart. So please help me with an idea: is it possible to permanently uninstall the fail2ban firewall helper on FreePBX?

It sounds like something from your IP is hitting the PBX with bad login attempts immediately and causing your IP to get banned. I'd start by figuring out why Fail2Ban is being triggered instead of trying to simply disable it.

When I had finished configuring my account and password and had normal access to the console, I encountered timeouts and disconnections while trying to add some SIP phones and check the firewall. At this point Fail2ban may have been erroneously triggered.
Please note that in the operations I just mentioned, I am confident that there were no instances of enumerating logins, bypassing login verification, or anything else that could potentially trigger Fail2ban.

That seems unlikely, as fail2ban doesn't work that way to my knowledge. It specifically looks for failed login attempts that surpass a certain threshold (example: 3 failed attempts within 300 seconds).

Is the PBX on the local network or a remote one? Have you tried placing your IP address into the whitelist of the Intrusion Detection settings of the firewall module?

Fail2ban activity is logged in /var/log/fail2ban.log; you will see when and why your IP was banned in there.

2024-01-01 12:05:56,701 fail2ban.actions[10077]: WARNING [asterisk-iptables] Ban 192.168.1.24
2024-01-01 12:11:43,748 fail2ban.server [10077]: INFO Stopping all jails
2024-01-01 12:11:44,352 fail2ban.jail [10077]: INFO Jail 'apache-tcpwrapper' stopped
2024-01-01 12:11:44,529 fail2ban.jail [10077]: INFO Jail 'recidive' stopped
2024-01-01 12:11:45,195 fail2ban.jail [10077]: INFO Jail 'ssh-iptables' stopped
2024-01-01 12:11:45,530 fail2ban.jail [10077]: INFO Jail 'apache-badbots' stopped
2024-01-01 12:11:46,208 fail2ban.jail [10077]: INFO Jail 'pbx-gui' stopped
2024-01-01 12:11:47,163 fail2ban.actions[10077]: WARNING [asterisk-iptables] Unban 192.168.1.24
2024-01-01 12:11:47,201 fail2ban.jail [10077]: INFO Jail 'asterisk-iptables' stopped
2024-01-01 12:11:47,995 fail2ban.jail [10077]: INFO Jail 'vsftpd-iptables' stopped
2024-01-01 12:11:47,996 fail2ban.server [10077]: INFO Exiting Fail2ban
This 192.168.1.24 is the local area network address of the laptop that was logged into the PBX web console with the correct username and password at the time.
The username and password were not entered incorrectly, and this erroneous ban was triggered after I had logged into the PBX web console and operated it for a while.
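As an added example (not part of the thread), a small Python script that reads fail2ban.log lines in the format quoted above and reports, per jail and address, how many bans and unbans occurred, when the first ban happened, and whether the address is still banned. The log fragment embedded in it is constructed to match the lines posted above, with a made-up second address (203.0.113.7) and a "Restore Ban" line (which newer fail2ban releases log when a jail re-applies persisted bans after a restart) so that the still-banned case is exercised; on a real box you would feed it /var/log/fail2ban.log.

```python
import re

# Constructed log fragment modelled on the fail2ban.log lines quoted in the
# thread (the 203.0.113.7 entries and the "Restore Ban" line are made up so
# the still-banned case is exercised). Read /var/log/fail2ban.log on a real box.
SAMPLE_LOG = """\
2024-01-01 12:03:10,100 fail2ban.actions[10077]: WARNING [ssh-iptables] Ban 203.0.113.7
2024-01-01 12:05:56,701 fail2ban.actions[10077]: WARNING [asterisk-iptables] Ban 192.168.1.24
2024-01-01 12:11:43,748 fail2ban.server [10077]: INFO Stopping all jails
2024-01-01 12:11:47,163 fail2ban.actions[10077]: WARNING [asterisk-iptables] Unban 192.168.1.24
2024-01-01 12:11:47,201 fail2ban.jail [10077]: INFO Jail 'asterisk-iptables' stopped
2024-01-01 12:15:02,010 fail2ban.actions[10201]: NOTICE [ssh-iptables] Restore Ban 203.0.113.7
"""

# Ban/Unban lines come from fail2ban.actions; the spacing before "[pid]"
# varies between releases, hence the \s*.
EVENT_RE = re.compile(
    r'^(?P<ts>\S+ \S+) fail2ban\.actions\s*\[\d+\]: \w+\s+'
    r'\[(?P<jail>[^\]]+)\] (?P<action>(?:Restore )?Ban|Unban) (?P<ip>\S+)$'
)


def parse_events(text):
    """Return (timestamp, jail, action, ip) for every ban/unban line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append((m['ts'], m['jail'], m['action'], m['ip']))
    return events


def ban_state(text):
    """Per (jail, ip): ban/unban counts, first ban time, and whether still banned."""
    state = {}
    for ts, jail, action, ip in parse_events(text):
        entry = state.setdefault(
            (jail, ip), {'bans': 0, 'unbans': 0, 'first_ban': None, 'banned': False})
        if action.endswith('Ban'):   # "Ban" or "Restore Ban"; "Unban" ends in lowercase "ban"
            entry['bans'] += 1
            entry['banned'] = True
            entry['first_ban'] = entry['first_ban'] or ts
        else:
            entry['unbans'] += 1
            entry['banned'] = False
    return state


def currently_banned(text):
    """(jail, ip) pairs whose last recorded event was a ban."""
    return sorted(k for k, e in ban_state(text).items() if e['banned'])


def history_for(text, ip):
    """Every fail2ban.log line mentioning ip: the 'when' of a ban. The 'why'
    is in the jail's filter and the log it watches (Asterisk, Apache, sshd)."""
    return [line for line in text.splitlines() if ip in line]


if __name__ == '__main__':
    for (jail, ip), e in sorted(ban_state(SAMPLE_LOG).items()):
        print(f"{jail:20} {ip:15} bans={e['bans']} unbans={e['unbans']} "
              f"first={e['first_ban']} banned={e['banned']}")
    print('still banned:', currently_banned(SAMPLE_LOG))
```

The jail name in the Ban line tells you which filter to look at next; a ban from asterisk-iptables, as in the thread, means the matching line is in Asterisk's log, not in the web GUI or SSH logs.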

At that time, the configuration was done on the local network, and there was no intrusion detection module installed on the local network.

You will find the 'failregex' that 192.168.1.24 matched in the 'asterisk-iptables' jail in the /etc/fail2ban/filter.d/*.conf files.

Intrusion detection is set up in FreePBX under Connectivity > Firewall > Intrusion Detection.

If you don’t have firewall installed it will be found under Admin > System Admin > Intrusion detection

Perhaps I should tell you that I am using the latest version of the system installation disk officially packaged by FreePBX. I just searched for the option you mentioned but couldn't find it.

Perhaps I should also tell you that it was not only the main program's protective measures that caused the mistaken ban at that time.
Rather, the laptop used to configure FreePBX could not contact FreePBX directly at all, and timeouts occurred on all three protocols, TCP/UDP/ICMP; its IP address is exactly the 192.168.1.24 I just mentioned.

At that time I was unaware that Fail2ban might be assisting the iptables firewall in blocking requests that were originally normal. I switched to my phone and tried to make a normal request to the FreePBX server, but after I had only browsed the FreePBX web console on my phone for a while, my phone could no longer access the FreePBX server either.

You can use 'fail2ban-regex' to find out exactly which log line caused the ban (it has a man page).
The 'Action' taken by the 'jail' defines the rules added on a match; generally the IP is banned from all ports, but that could be changed if you really wanted to just drop traffic on the matched port(s).
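As an added example (not the thread's own code, and not the filter FreePBX ships), here is a simplified Python re-implementation of what fail2ban-regex does: it reads the failregex and ignoreregex entries from a filter.d-style file, replaces the <HOST> placeholder with a named capture group, and reports which log lines match and how many failures each host accumulated. Both the filter and the Asterisk-style security log lines are constructed for this example; the real filter on the PBX lives under /etc/fail2ban/filter.d and may use features (date templates, prefix-line macros) that this toy does not handle.

```python
import re

# Constructed filter in fail2ban's filter.d format. It is NOT the filter
# FreePBX ships for the asterisk-iptables jail; read that one from
# /etc/fail2ban/filter.d/ on the PBX.
SAMPLE_FILTER = r"""[Definition]
failregex = SecurityEvent="FailedACL".*RemoteAddress="IPV4/\w+/<HOST>/\d+"
            SecurityEvent="InvalidPassword".*RemoteAddress="IPV4/\w+/<HOST>/\d+"
ignoreregex = RemoteAddress="IPV4/\w+/127\.0\.0\.1/\d+"
"""

# Constructed lines in the style of Asterisk's security log.
SAMPLE_LOG = """\
[2024-01-01 12:05:40] SECURITY[1234] res_security_log.c: SecurityEvent="SuccessfulAuth",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/192.168.1.24/5060"
[2024-01-01 12:05:50] SECURITY[1234] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/192.168.1.24/5060"
[2024-01-01 12:05:51] SECURITY[1234] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/192.168.1.24/5060"
[2024-01-01 12:05:52] SECURITY[1234] res_security_log.c: SecurityEvent="FailedACL",Service="SIP",AccountID="1001",RemoteAddress="IPV4/UDP/127.0.0.1/5060"
[2024-01-01 12:05:53] SECURITY[1234] res_security_log.c: SecurityEvent="InvalidPassword",Service="SIP",AccountID="9999",RemoteAddress="IPV4/UDP/203.0.113.7/5060"
"""

# fail2ban's <HOST> also accepts hostnames; an IPv4/IPv6 character class is enough here.
HOST = r'(?P<host>[0-9a-fA-F.:]+)'


def read_filter(text):
    """Collect failregex/ignoreregex entries (including indented continuation
    lines) and compile them with <HOST> replaced by a named capture group."""
    regexes = {'failregex': [], 'ignoreregex': []}
    current = None
    for line in text.splitlines():
        m = re.match(r'^(failregex|ignoreregex)\s*=\s*(.*)$', line)
        if m:
            current = m.group(1)
            if m.group(2).strip():
                regexes[current].append(m.group(2).strip())
        elif current and line[:1].isspace() and line.strip():
            regexes[current].append(line.strip())
        else:
            current = None

    def compile_pattern(pattern):
        return re.compile(pattern.replace('<HOST>', HOST))

    return ([compile_pattern(p) for p in regexes['failregex']],
            [compile_pattern(p) for p in regexes['ignoreregex']])


def match_lines(log_text, filter_text):
    """(line, host, failregex index) for each line that counts as a failure,
    i.e. matches some failregex and no ignoreregex."""
    fails, ignores = read_filter(filter_text)
    hits = []
    for line in log_text.splitlines():
        if any(rx.search(line) for rx in ignores):
            continue
        for idx, rx in enumerate(fails):
            m = rx.search(line)
            if m:
                hits.append((line, m.group('host'), idx))
                break
    return hits


def failures_per_host(log_text, filter_text):
    counts = {}
    for _, host, _ in match_lines(log_text, filter_text):
        counts[host] = counts.get(host, 0) + 1
    return counts


def would_ban(log_text, filter_text, maxretry=3):
    """Hosts at or above maxretry failures. fail2ban additionally applies a
    findtime window, which this simplified check ignores."""
    return sorted(h for h, n in failures_per_host(log_text, filter_text).items()
                  if n >= maxretry)


if __name__ == '__main__':
    for line, host, idx in match_lines(SAMPLE_LOG, SAMPLE_FILTER):
        print(f'failregex #{idx} matched host {host}: {line[:70]}...')
    print(failures_per_host(SAMPLE_LOG, SAMPLE_FILTER))
    print('would ban (maxretry=2):', would_ban(SAMPLE_LOG, SAMPLE_FILTER, maxretry=2))
```

On the PBX itself, fail2ban-regex LOGFILE FILTERFILE performs the real version of this check and prints the matched lines, which is the quickest way to see which Asterisk event a normal-looking client is generating.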

Fail2ban doesn’t ‘assist’ the FreePBX firewall, it is a completely separate set of iptables chains.

My friend also used FreePBX as his network phone system, and he experienced the same situation as me.
At present, I don't have time to solve the problem of the built-in firewall blocking incorrectly. I have found a better firewall system to protect my own FreePBX server, so I just want to completely shut down the built-in firewall on the system.

The firewall, like the person who designed it, is very opinionated. It makes a lot of decisions for you and that can easily result in unintentionally getting banned. It’s best to leave it disabled and add firewall rules manually imo.

Are you asking how to do that? Just go into the UI > Connectivity > Firewall menu and disable it. Also shut down fail2ban using systemctl disable fail2ban && systemctl stop fail2ban

If you want to keep fail2ban running then you will need to whitelist your IPs in UI > Admin > System Admin > Intrusion detection.

What distro of FreePBX are you using??? You should be using Distro 16. If so, I have no idea why you can't find the settings I suggested…

In the FreePBX admin web interface:

Connectivity > Firewall > Intrusion Detection.

If you are not running or chose not to install the firewall, then intrusion detection (AKA Fail2Ban) can be found under:

Admin > System Admin > Intrusion Detection.

This may not work, as after the FreePBX node restarts it will return to the state where the firewall is running. I directly deleted the Fail2ban service file on my end, making it bootable.