Difference between revisions of "Telephone system:fail2ban"

From Hackerspace ACKspace
Jump to: navigation, search
(created fail2ban page just in case the server crashes again)
(No difference)

Revision as of 16:31, 29 November 2016

For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created (Source: http://wiki.freeswitch.org/wiki/Fail2ban):

/etc/fail2ban/filter.d/freeswitch-dos.conf

[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
ignoreregex =

/etc/fail2ban/filter.d/freeswitch-ip.conf

[Definition]
failregex = \[DEBUG\] sofia_reg\.c:\d+ sofia\/external\/.+@\d+\.\d+\.\d+\.\d+\ receiving invite from <HOST> version
ignoreregex =

/etc/fail2ban/jail.local

[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /usr/local/freeswitch/log/freeswitch.log
maxretry = 10
# ban for a week
bantime  = 604800
action   = iptables-allports[name=freeswitch, protocol=all]

[freeswitch-dos]
enabled = true
port = 5060,5061,5080,5081
filter = freeswitch-dos
logpath = /usr/local/freeswitch/log/freeswitch.log
action = iptables-allports[name=freeswitch-dos, protocol=all]
maxretry = 20
findtime = 120
# ban for 24 hours
bantime  = 86400

[freeswitch-ip]
enabled  = false
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /usr/local/freeswitch/log/freeswitch.log
maxretry = 2
# ban for a week
bantime  = 604800
action   = iptables-allports[name=freeswitch, protocol=all]

[DEFAULT]
# Considered safe
# kingofdos.eu 185.66.250.17
# kingofdos.eu 91.218.127.87
# kingofdos.eu 164.138.31.26
# sip.speakup.nl 193.169.138.26
# sip.speakup.nl 193.169.139.26
# self: 666.666.666.666
ignoreip = 127.0.0.1/8 185.66.250.17 91.218.127.87 164.138.31.26 193.169.138.26 193.169.139.26 666.666.666.666
bantime  = 600
maxretry = 3