Fail2ban blocking outbound trunk

[Matthew Main]

Hey guys anyone ever had an issue with fail2ban and iptables auto blocking the ips for a gateway?

i use Simwood and all gateways point to out.simwood.com

It seems to be getting flagged so i cant ping the dns entries or there direct ips until fail2ban is off and iptables rules have been cleared

any ideas?

cheers

Matt

 

[DigitalDaz]

Just put all their SIP servers in the ignore list.

 

[Matthew Main]

I have done now, just weird and wondered how they would have gotten added to the ban list

 

[DigitalDaz]

The answer will be in your log files, see when they got banned in the fail2ban log, then match that in your freeswitch log.

 

[Matthew Main]

nothing is standing out any grep tips to narrow it down

 

[ZPM]

I have made a mistake before with the jail.conf file that caused fail2ban to block my SIP trunk provider IP. The ignoreip= field I accidentally added a customer router IP without the CIDR. XXX.XXX.XXX.XXX BAD XXX.XXX.XXX.XXX/32 GOOD

 

[Incubugs]

This happens every single time i install a new pbx, you simply add it to teh fail2ban ignore as said above and it stops the issue, not sure why it bans it just know it must be added, which is probably best practice anyway

 

[Matthew Main]

Ok cheers guys i will just make sure i white list everything of importance from now on

 

[Adrian Fretwell]

I have had this happen when I have registered a gateway with a SIP provider but forgot to create a destination (inbound route). Freeswitch then puts something like "DID not found" and the SIP providers IP address in the log which fail2ban then picks up on.