Continuing the discussion from FreePBX Responsive Firewall 13.0.24 not detecting attacks:
Lorne, question for you.
If I were to forward external port 5060 to [something else] for my known VSPs as suggested by dicko above, (placing the prerouting rule at the start of the IPTABLES) and I were to open port [something else] for my dynamic clients, will your firewall still operate as expected?
Also, should I still be running Fail2Ban with this firewall or not?
It’s not my firewall. I suspect this arrangement will work, though if the firewall is properly configured, it shouldn’t be necessary. Test it and try.
You can, they don’t interfere with each other. Provided you have no compelling reason (such as insufficient resources) to stop fail2ban, it will work away in the background doing nearly nothing.
fail2ban can do a lot more than just watch Asterisk. If you configure apache-nohome and apache-noscript you might be surprised at the hits you get. Many of the recent Asterisk penetrations have originated indirectly through httpd services, so it does absolutely no harm to leave it running even if your firewall is perfect at blocking SIP attacks. If you have tcp/5038 open to the world, then that also needs to be watched.
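To make the point about the apache-nohome and apache-noscript jails concrete, here is an added example (not from this thread and not fail2ban’s own code) that replays fail2ban’s maxretry/findtime logic over a few constructed Asterisk security-log and Apache error-log lines. The three regexes are simplified, IPv4-only approximations of the stock filters in fail2ban’s filter.d, written for this example; the sample log lines and the jail parameters are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified approximations of fail2ban's asterisk, apache-noscript and
# apache-nohome filters (assumption: written for this example, IPv4 only;
# the real filters are stricter and handle more log formats).
APACHE_CLIENT = r"\[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]"
SCRIPT_EXT = r"\.(?:php[45]?|asp|exe|pl)"
FILTERS = {
    "asterisk": re.compile(
        r'SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)".*'
        r'RemoteAddress="IPV4/(?:UDP|TCP|TLS)/(?P<host>\d{1,3}(?:\.\d{1,3}){3})/\d+"'),
    "apache-noscript": re.compile(
        APACHE_CLIENT
        + r"(?: (?:AH\d+: )?(?:File does not exist|script not found or unable to stat): \S*"
        + SCRIPT_EXT
        + r"| script '\S*" + SCRIPT_EXT + r"' not found or unable to stat)\s*$"),
    "apache-nohome": re.compile(
        APACHE_CLIENT + r" (?:AH\d+: )?File does not exist: \S*/~\S*"),
}

# Timestamp formats of the two log sources (Asterisk full log, Apache 2.4 error log).
TS_PATTERNS = (
    (re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]"), "%Y-%m-%d %H:%M:%S"),
    (re.compile(r"^\[(\w{3} \w{3} \d\d \d\d:\d\d:\d\d)\.\d+ (\d{4})\]"), "%a %b %d %H:%M:%S %Y"),
)


def parse_time(line):
    """Extract the log timestamp, or None if the line carries no known prefix."""
    for rx, fmt in TS_PATTERNS:
        m = rx.match(line)
        if m:
            return datetime.strptime(" ".join(m.groups()), fmt)
    return None


def scan(lines, maxretry=3, findtime=600):
    """Replay fail2ban's rule: ban a host once it produces >= maxretry matches
    for one jail within findtime seconds. Returns {jail: {ip: ban_time}}."""
    hits = defaultdict(lambda: defaultdict(list))
    bans = defaultdict(dict)
    for line in lines:
        ts = parse_time(line)
        if ts is None:
            continue
        for jail, rx in FILTERS.items():
            m = rx.search(line)
            if not m:
                continue
            ip = m.group("host")
            if ip not in bans[jail]:
                # keep only hits inside the findtime window ending at this line
                recent = [t for t in hits[jail][ip] if ts - t <= timedelta(seconds=findtime)]
                recent.append(ts)
                hits[jail][ip] = recent
                if len(recent) >= maxretry:
                    bans[jail][ip] = ts
            break  # a line counts for one jail only
    return {jail: dict(v) for jail, v in bans.items() if v}


def ban_rule(jail, ip):
    """The iptables rule fail2ban's default action would insert for a ban."""
    return "iptables -I f2b-%s 1 -s %s -j REJECT --reject-with icmp-port-unreachable" % (jail, ip)


# Constructed sample lines (not real traffic): a SIP brute-force from 198.51.100.23,
# a PHP probe from 203.0.113.7, and two widely spaced /~user probes from 192.0.2.5.
SAMPLE_LOG = """\
[2017-03-05 10:00:01] SECURITY[2345] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2017-03-05T10:00:01.000+0000",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7f",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.23/5060",Challenge="abc",ReceivedChallenge="abc",ReceivedHash="deadbeef"
[2017-03-05 10:00:02] SECURITY[2345] res_security_log.c: SecurityEvent="InvalidAccountID",EventTV="2017-03-05T10:00:02.000+0000",Severity="Error",Service="SIP",EventVersion="1",AccountID="admin",SessionID="0x80",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.23/5060"
[2017-03-05 10:00:03] SECURITY[2345] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2017-03-05T10:00:03.000+0000",Severity="Error",Service="SIP",EventVersion="1",AccountID="1001",SessionID="0x81",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/198.51.100.23/5060"
[2017-03-05 10:00:04] SECURITY[2345] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2017-03-05T10:00:04.000+0000",Severity="Informational",Service="SIP",EventVersion="1",AccountID="1002",SessionID="0x82",LocalAddress="IPV4/UDP/192.0.2.10/5060",RemoteAddress="IPV4/UDP/203.0.113.9/5060"
[Sun Mar 05 10:01:00.000000 2017] [cgi:error] [pid 100] [client 203.0.113.7:40001] script '/var/www/html/wp-login.php' not found or unable to stat
[Sun Mar 05 10:01:01.000000 2017] [core:error] [pid 100] [client 203.0.113.7:40002] AH00128: File does not exist: /var/www/html/xmlrpc.php
[Sun Mar 05 10:01:02.000000 2017] [cgi:error] [pid 100] [client 203.0.113.7:40003] script '/var/www/html/admin/config.php' not found or unable to stat
[Sun Mar 05 10:02:00.000000 2017] [core:error] [pid 100] [client 192.0.2.5:40010] AH00128: File does not exist: /var/www/html/~root
[Sun Mar 05 10:30:00.000000 2017] [core:error] [pid 100] [client 192.0.2.5:40011] AH00128: File does not exist: /var/www/html/~admin
"""

if __name__ == "__main__":
    for jail, banned in scan(SAMPLE_LOG.splitlines()).items():
        for ip, when in banned.items():
            print("%s: ban %s at %s -> %s" % (jail, ip, when, ban_rule(jail, ip)))
```

With the defaults above (maxretry 3, findtime 600 s) the SIP brute-force and the PHP probe are banned on their third hit, while the two /~user probes from 192.0.2.5 are 28 minutes apart and never reach the threshold; that is the same sliding-window behaviour a real jail.local with those values would give, which is why the thread’s advice to leave fail2ban running alongside the firewall costs nothing.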
Many thanks again. Sorry for jumping to conclusions about this being “your” firewall.
Everything (including Fail2Ban) seems to be working now.