Am I being Paranoid

[Andyd358]

Am I worrying too much that someone might get on my PBX?

737994e6-413d-4fc0-809e-e1dde3689b22 2020-03-31 07:53:19.396824 [NOTICE] switch_core_state_machine.c:690 Hangup sofia/internal/71310@XX.XX.XX.51 [CS_NEW] [WRONG_CALL_STATE]
737994e6-413d-4fc0-809e-e1dde3689b22 2020-03-31 07:53:19.396824 [WARNING] switch_core_state_machine.c:687 737994e6-413d-4fc0-809e-e1dde3689b22 sofia/internal/71310@XX.XX.XX.51 Abandoned

 

[DigitalDaz]

As long as you are using domain based tenants, edit your /etc/fail2ban/jail.local and activate the two rules you see regarding IP that are by default disabled.

 

[Andyd358]

[freeswitch-ip-tcp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
maxretry = 1
findtime = 30
bantime = 86400

[freeswitch-ip-udp]
enabled = true
port = 5060,5061,5080,5081
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
maxretry = 1
findtime = 30
bantime = 86400

 

[DigitalDaz]

Obviously restart fail2ban afterwards

You'll still get the odd attempts until fail2ban kills them of but you should be able to see them being added to the banlist with: iptables -L -n

 

[Andyd358]

Obviously restart fail2ban afterwards

You'll still get the odd attempts until fail2ban kills them of but you should be able to see them being added to the banlist with: iptables -L -n

Cheers pal

Love the way Ping answers with Pong that just made me chuckle