Install fail2ban
apt install fail2ban
create the following file
vim /etc/fail2ban/jail.d/freeswitch.localcopy the following content in the file freeswitch.local
[freeswitch-tcp]
enabled = true
maxretry = 3
findtime = 3600
bantime = 300
Now create the following file
vim /etc/fail2ban/jail.conf
copy the following line in jail.conf
[freeswitch-tcp]
port = 11110,11111
protocol = tcp
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-tcp, protocol=all]
[freeswitch-udp]
port = 5060,5061,5080,5081
protocol = udp
filter = freeswitch
logpath = /var/log/freeswitch/freeswitch.log
action = iptables-allports[name=freeswitch-udp, protocol=all]
create the following file
cat /etc/fail2ban/filter.d/freeswitch.conf
copy the following lines
[INCLUDES]
before = common.conf
[Definition]
_daemon = freeswitch
mode = extra
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>
ignoreregex =
stop fail2ban
systemctl stop fail2ban
Start fail2ban in debug mode
fail2ban-server -xf -vvv
check fail2ban logs
tail -f /var/log/fail2ban.log
Check Status
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: freeswitch-tcp
make some fail REGISTRATIONS
fail2ban-client status freeswitch-tcp
Status for the jail: freeswitch-tcp
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /var/log/freeswitch/freeswitch.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: 103.122.158.34
Comand to unban the IPs
fail2ban-client -vvv set freeswitch banip 192.0.2.0
fail2ban-client -vvv set freeswitch unbanip 192.0.2.0
fail2ban-client -d
iptables -nLEnjoy 😉
No comments:
Post a Comment