Difference between revisions of "Telephone system:fail2ban"
(created fail2ban page just in case the server crashes again) |
m (fixed logpath) |
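--- a/Telephone system:fail2ban
+++ b/Telephone system:fail2ban
@@ -1,2 +1,3 @@
-For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created
+For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created.
+Make sure the logpath is correct.
 (Source: [http://wiki.freeswitch.org/wiki/Fail2ban http://wiki.freeswitch.org/wiki/Fail2ban]):
@@ -22,5 +23,5 @@
 port = 5060,5061,5080,5081
 filter = freeswitch
-logpath = /
+logpath = /var/log/freeswitch/freeswitch.log
 maxretry = 10
 # ban for a week
@@ -32,5 +33,5 @@
 port = 5060,5061,5080,5081
 filter = freeswitch-dos
-logpath = /
+logpath = /var/log/freeswitch/freeswitch.log
 action = iptables-allports[name=freeswitch-dos, protocol=all]
 maxretry = 20
@@ -43,5 +44,5 @@
 port = 5060,5061,5080,5081
 filter = freeswitch
-logpath = /
+logpath = /var/log/freeswitch/freeswitch.log
 maxretry = 2
 # ban for a week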
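Review bot: The last hunk (new line 44 onward) corrects the logpath of a jail that still reads `filter = freeswitch`; the rendered jail.local shows this is the `[freeswitch-ip]` jail, so the freeswitch-ip.conf filter defined on the page is never referenced. If that jail is meant to use the custom filter, the line should be `filter = freeswitch-ip`; as written, enabling it would only apply the stock filter with `maxretry = 2`. The same jail's action reuses `name=freeswitch` (visible in the rendered page, outside the hunk), which presumably gives it the same action name as the `[freeswitch]` jail; `action = iptables-allports[name=freeswitch-ip, protocol=all]` would keep the two apart. The jail sections start and end outside the hunks, so this should be confirmed against the full file.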
Revision as of 16:38, 29 November 2016
For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created. Make sure the logpath is correct. (Source: http://wiki.freeswitch.org/wiki/Fail2ban):
/etc/fail2ban/filter.d/freeswitch-dos.conf
# fail2ban filter for the freeswitch-dos jail.
# Matches FreeSWITCH [WARNING] lines from sofia_reg.c that report a SIP auth
# challenge for a REGISTER; <HOST> is fail2ban's placeholder for the address
# that gets counted and banned.
# NOTE(review): the "." in "sofia_reg.c" is unescaped and so matches any
# character; the freeswitch-ip filter writes it as "sofia_reg\.c".
# NOTE(review): "\[.*\]" is greedy and the expression has no end anchor; the
# bracketed field presumably carries request-supplied text - check the pattern
# with fail2ban-regex against real log lines before relying on it.
[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
# Empty: no matching line is excluded.
ignoreregex =
/etc/fail2ban/filter.d/freeswitch-ip.conf
# fail2ban filter intended for the freeswitch-ip jail.
# Matches FreeSWITCH [DEBUG] lines from sofia_reg.c on the "external" profile
# where the channel name ends in "@<dotted IPv4 address>" followed by
# "receiving invite from <HOST> version"; <HOST> is the address fail2ban counts.
# Because only [DEBUG] lines match, the log file named in logpath has to
# contain debug-level output for this filter to see anything.
# NOTE(review): the pattern only covers IPv4 targets and the "external"
# profile; confirm that matches the deployment.
[Definition]
failregex = \[DEBUG\] sofia_reg\.c:\d+ sofia\/external\/.+@\d+\.\d+\.\d+\.\d+\ receiving invite from <HOST> version
# Empty: no matching line is excluded.
ignoreregex =
/etc/fail2ban/jail.local
# Local fail2ban jail overrides for the FreeSWITCH telephone system.
# Per-jail values below override the fallbacks in [DEFAULT] at the end.

# Stock freeswitch filter with a stricter policy: 10 matches, one-week ban.
# findtime is not set here or in [DEFAULT] below, so it comes from fail2ban's
# own defaults.
[freeswitch]
enabled = true
port = 5060,5061,5080,5081
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
maxretry = 10
# ban for a week (604800 s = 7 days)
bantime = 604800
# iptables-allports blocks the banned host on every port, not only the SIP
# ports listed above.
action = iptables-allports[name=freeswitch, protocol=all]

# REGISTER flood protection: 20 auth challenges within 120 s trigger a ban.
[freeswitch-dos]
enabled = true
port = 5060,5061,5080,5081
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-dos, protocol=all]
maxretry = 20
# counting window in seconds
findtime = 120
# ban for 24 hours (86400 s)
bantime = 86400

# Disabled jail.
# NOTE(review): the section is named freeswitch-ip but uses filter "freeswitch"
# and action name "freeswitch", the same as the [freeswitch] jail above; the
# freeswitch-ip filter file is not referenced anywhere in this file. Confirm
# whether "freeswitch-ip" was intended for both before enabling.
[freeswitch-ip]
enabled = false
port = 5060,5061,5080,5081
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
maxretry = 2
# ban for a week (604800 s = 7 days)
bantime = 604800
action = iptables-allports[name=freeswitch, protocol=all]

# Fallback values for every jail that does not set its own.
[DEFAULT]
# Considered safe
# kingofdos.eu 185.66.250.17
# kingofdos.eu 91.218.127.87
# kingofdos.eu 164.138.31.26
# sip.speakup.nl 193.169.138.26
# sip.speakup.nl 193.169.139.26
# self: 666.666.666.666
# Addresses in ignoreip are never banned by any jail, so keep the list limited
# to hosts that are still in use and trusted.
# NOTE(review): 666.666.666.666 is not a valid IPv4 address; it looks like a
# placeholder for the server's own address and has to be replaced on restore.
ignoreip = 127.0.0.1/8 185.66.250.17 91.218.127.87 164.138.31.26 193.169.138.26 193.169.139.26 666.666.666.666
# default ban of 10 minutes (600 s)
bantime = 600
maxretry = 3