Difference between revisions of "Telephone system:fail2ban"
(created fail2ban page just in case the server crashes again) |
(No difference)
|
Revision as of 16:31, 29 November 2016
For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created (Source: http://wiki.freeswitch.org/wiki/Fail2ban):
/etc/fail2ban/filter.d/freeswitch-dos.conf
[Definition] failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST> ignoreregex =
/etc/fail2ban/filter.d/freeswitch-ip.conf
[Definition] failregex = \[DEBUG\] sofia_reg\.c:\d+ sofia\/external\/.+@\d+\.\d+\.\d+\.\d+\ receiving invite from <HOST> version ignoreregex =
/etc/fail2ban/jail.local
[freeswitch] enabled = true port = 5060,5061,5080,5081 filter = freeswitch logpath = /usr/local/freeswitch/log/freeswitch.log maxretry = 10 # ban for a week bantime = 604800 action = iptables-allports[name=freeswitch, protocol=all] [freeswitch-dos] enabled = true port = 5060,5061,5080,5081 filter = freeswitch-dos logpath = /usr/local/freeswitch/log/freeswitch.log action = iptables-allports[name=freeswitch-dos, protocol=all] maxretry = 20 findtime = 120 # ban for 24 hours bantime = 86400 [freeswitch-ip] enabled = false port = 5060,5061,5080,5081 filter = freeswitch logpath = /usr/local/freeswitch/log/freeswitch.log maxretry = 2 # ban for a week bantime = 604800 action = iptables-allports[name=freeswitch, protocol=all] [DEFAULT] # Considered safe # kingofdos.eu 185.66.250.17 # kingofdos.eu 91.218.127.87 # kingofdos.eu 164.138.31.26 # sip.speakup.nl 193.169.138.26 # sip.speakup.nl 193.169.139.26 # self: 666.666.666.666 ignoreip = 127.0.0.1/8 185.66.250.17 91.218.127.87 164.138.31.26 193.169.138.26 193.169.139.26 666.666.666.666 bantime = 600 maxretry = 3