Where to configure the fail2ban maxretry and recidive parameters


(Norbert Schmidt) #1

Hello,
I’ve just had an offender that tripped the fail2ban SIP filter 19 times, then waited for a while and then started again.
I would like to lower the maxretry option for the repeating offender in the recidive filter to 10 but cannot find any option within the FreePBX frontend.
I could change the options within fail2ban on the console, but this will be overwritten by the system.
Is there an advanced firewall settings page that would enable me to change these parameters?

best regards
Norbert Schmidt


(Lorne Gaetz) #2

Admin, System Admin, Intrusion Detection:
https://wiki.freepbx.org/display/FPG/System+Admin+-+Intrusion+Detection


(Matthew Jensen) #3

Sorry to dredge this up. Maybe I’m missing something, but I don’t see any way to lower the maxretry on recidive in fail2ban from the system admin. And I think if I change it from jail.local, it will get reset. Am I missing something obvious, and if not, can that option be added to intrusion detection?


(Tony Lewis - https://bit.ly/2SbDAyc) #4

It’s hard coded and can’t be changed.


(Matthew Jensen) #5

Is this something I could submit a feature request for? 20 bans until recidive seems kinda high.

Or maybe I’m not looking at this right. Are the retries that maxretry is referring to for recidive bans, or just failed attempts? 20 failed attempts isn’t a bad number, but 20 bans would take a long time if you keep the default 1800 second ban time.


(Tony Lewis - https://bit.ly/2SbDAyc) #6

The point of recidive was, if someone gets banned 20 times, to ban them forever. 1800 seconds ban time is only 30 minutes. So in 24 hours, if they get banned 20 times, we block them forever.


#7

Actually they are banned for one week only, not forever.
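
Added example, not part of any post in this thread and not FreePBX or fail2ban code: a simplified model of how a recidive-style jail counts bans (not failed attempts) per IP inside a sliding window, run with the thread's limit of 20 and the requested limit of 10. Assumptions: the log lines are constructed and modelled on the default `fail2ban.log` format, the jail name `sip`, the IP addresses and the re-offence intervals are made up, and the 24-hour window is taken from post #6.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches "Ban" notices in fail2ban.log, skipping the recidive jail's own bans.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.actions\s*"
    r"(?:\[\d+\])?:\s+NOTICE\s+\[(?!recidive\])[^\]]+\]\s+Ban\s+(?P<ip>\S+)\s*$"
)

def recidive_triggers(lines, maxretry, findtime=timedelta(hours=24)):
    """Return {ip: time of the ban that reaches maxretry bans within findtime}."""
    recent = defaultdict(deque)   # ip -> ban timestamps still inside the window
    triggered = {}
    for line in lines:
        m = BAN_RE.match(line)
        if not m or m["ip"] in triggered:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:   # drop bans older than findtime
            window.popleft()
        if len(window) >= maxretry:
            triggered[m["ip"]] = ts
    return triggered

def constructed_log(ip, bans, gap, start=datetime(2024, 1, 1)):
    """Constructed sample: one Ban line per re-offence, `gap` apart, plus noise."""
    out = []
    for i in range(bans):
        ts = (start + i * gap).strftime("%Y-%m-%d %H:%M:%S")
        out.append(f"{ts},000 fail2ban.actions [999]: NOTICE [sip] Ban {ip}")
        out.append(f"{ts},500 fail2ban.filter [999]: INFO [sip] Found {ip}")
    return out

# Offender re-banned every 70 min (30 min ban from the thread + 40 min pause).
SAMPLE = constructed_log("203.0.113.5", bans=25, gap=timedelta(minutes=70))
# A slower offender, re-banned every 3 hours: at most 9 bans fit in 24 h.
SAMPLE += constructed_log("198.51.100.7", bans=25, gap=timedelta(hours=3))

if __name__ == "__main__":
    for limit in (20, 10):
        print(limit, recidive_triggers(SAMPLE, maxretry=limit))
```

With these constructed intervals the fast offender reaches 10 bans about half a day before it reaches 20, and the slow offender never reaches either limit because its bans age out of the 24-hour window.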