Telephone system:fail2ban

If you have a FreeSWITCH instance running on the public net, changes are people will try to exploit it. Fail2ban tries to mitigate this.

For the telephone system, apart from the (mild) default fail2ban freeswitch filter, two additional filters are created. Make sure the logpath is correct. (Source: http://wiki.freeswitch.org/wiki/Fail2ban):

/etc/fail2ban/filter.d/freeswitch-dos.conf

[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
ignoreregex =

/etc/fail2ban/filter.d/freeswitch-ip.conf

[Definition]
failregex = \[DEBUG\] sofia_reg\.c:\d+ sofia\/external\/.+@\d+\.\d+\.\d+\.\d+\ receiving invite from <HOST> version
ignoreregex =

/etc/fail2ban/jail.local

[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 10
# ban for a week
bantime  = 604800
action   = iptables-allports[name=freeswitch, protocol=all]

[freeswitch-dos]
enabled = true
port = 5060,5061,5080,5081
filter = freeswitch-dos
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-dos, protocol=all]
maxretry = 20
findtime = 120
# ban for 24 hours
bantime  = 86400

[freeswitch-ip]
enabled  = false
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 2
# ban for a week
bantime  = 604800
action   = iptables-allports[name=freeswitch, protocol=all]

[DEFAULT]
# Considered safe
# kingofdos.eu 185.66.250.17
# kingofdos.eu 91.218.127.87
# kingofdos.eu 164.138.31.26
# sip.speakup.nl 193.169.138.26
# sip.speakup.nl 193.169.139.26
# self: 666.666.666.666
ignoreip = 127.0.0.1/8 185.66.250.17 91.218.127.87 164.138.31.26 193.169.138.26 193.169.139.26 666.666.666.666
bantime  = 600
maxretry = 3