I have my fusion setup properly (I think) for fail2ban. It is blocking prt 80/443 for web traffic after 3 bad passwords. Registering on SIP traffic on 5060 is not. I purposely tried inaccurate logins. I get this in in the log windows (x100) but it never blocks the IP is is coming from:
2024-11-08 03:12:17.523521 99.43% [WARNING] sofia_reg.c:3210 Can't find user [102@test] from 73.18.xx.xxx
Anything I am missing?
My jail.local file is :
[ssh]
enabled = true
port = 22
protocol = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[freeswitch]
enabled = true
port = 5060:5091
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch, protocol=all]
maxretry = 5
findtime = 60
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
[freeswitch-acl]
enabled = false
port = 5060:5091
protocol = all
filter = freeswitch-acl
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-acl, protocol=all]
maxretry = 5
findtime = 60
bantime = 86400
[freeswitch-ip]
enabled = true
port = 5060:5091
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[auth-challenge-ip]
enabled = false
port = 5060:5091
protocol = all
filter = auth-challenge-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=auth-challenge-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[sip-auth-challenge]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-challenge
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-challenge, protocol=all]
maxretry = 5
findtime = 60
bantime = 7200
[sip-auth-failure]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-failure
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 5
findtime = 60
bantime = 7200
[fusionpbx-404]
enabled = false
port = 5060:5091
protocol = all
filter = fusionpbx-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[fusionpbx]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/auth.log
action = iptables-allports[name=fusionpbx, protocol=all]
# sendmail-whois[name=fusionpbx, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
maxretry = 3
findtime = 360
bantime = 3600
[fusionpbx-mac]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx-mac
logpath = /var/log/syslog
action = iptables-allports[name=fusionpbx-mac, protocol=all]
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
maxretry = 3
findtime = 360
bantime = 86400
[nginx-404]
enabled = true
port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-404, protocol=all]
bantime = 3600
findtime = 360
maxretry = 3
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60
bantime = 86400
maxretry = 80
2024-11-08 03:12:17.523521 99.43% [WARNING] sofia_reg.c:3210 Can't find user [102@test] from 73.18.xx.xxx
Anything I am missing?
My jail.local file is :
[ssh]
enabled = true
port = 22
protocol = ssh
filter = sshd
logpath = /var/log/auth.log
action = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[freeswitch]
enabled = true
port = 5060:5091
protocol = all
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch, protocol=all]
maxretry = 5
findtime = 60
bantime = 3600
# sendmail-whois[name=FreeSwitch, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
[freeswitch-acl]
enabled = false
port = 5060:5091
protocol = all
filter = freeswitch-acl
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-acl, protocol=all]
maxretry = 5
findtime = 60
bantime = 86400
[freeswitch-ip]
enabled = true
port = 5060:5091
protocol = all
filter = freeswitch-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[auth-challenge-ip]
enabled = false
port = 5060:5091
protocol = all
filter = auth-challenge-ip
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=auth-challenge-ip, protocol=all]
maxretry = 1
findtime = 60
bantime = 86400
[sip-auth-challenge]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-challenge
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-challenge, protocol=all]
maxretry = 5
findtime = 60
bantime = 7200
[sip-auth-failure]
enabled = false
port = 5060:5091
protocol = all
filter = sip-auth-failure
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 5
findtime = 60
bantime = 7200
[fusionpbx-404]
enabled = false
port = 5060:5091
protocol = all
filter = fusionpbx-404
logpath = /var/log/freeswitch/freeswitch.log
#logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
bantime = 86400
[fusionpbx]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx
logpath = /var/log/auth.log
action = iptables-allports[name=fusionpbx, protocol=all]
# sendmail-whois[name=fusionpbx, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
maxretry = 3
findtime = 360
bantime = 3600
[fusionpbx-mac]
enabled = true
port = 80,443
protocol = tcp
filter = fusionpbx-mac
logpath = /var/log/syslog
action = iptables-allports[name=fusionpbx-mac, protocol=all]
# sendmail-whois[name=fusionpbx-mac, dest=root, sender=[email]fail2ban@example.org[/email]] #no smtp server installed
maxretry = 3
findtime = 360
bantime = 86400
[nginx-404]
enabled = true
port = 80,443
protocol = tcp
filter = nginx-404
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-404, protocol=all]
bantime = 3600
findtime = 360
maxretry = 3
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
enabled = true
port = 80,443
protocol = tcp
filter = nginx-dos
logpath = /var/log/nginx/access*.log
action = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60
bantime = 86400
maxretry = 80
