@carlosmp wrote:
Hi,
I happened to be on a system digging around, and found that the asterisk.conf does not seem to properly detect the Rejecting unknown SIP connection from... so I created my own asterisk-custom.conf file in the filters.d using
failregex = ^(%(prefix_line)s|[]\s*WARNING%(pid_re)s:?(?:[C-[\da-f]])? )Ext. s:. "Rejecting unknown SIP connection from "$
(the current asterisk.conf or asterisk-security.conf file is missing the .* after the s:, which it doesn't then detect).
Running fail2ban-regex /var/log/asterisk/full asterisk-custom.conf gives 219 matches. So the IPs should be getting banned. Nope. Restart fail2ban, wait 10 minutes, nothing, still not banned. I have a very low tolerance for fails... I have a max retry of 4 with find time of 86400 (4 matches in 24 hours gets you banned).
So, I ran fail2ban-client status, and noticed there's no asterisk-iptables listed in the jails. Went through the local.conf file, and no jails are set up to use the asterisk filters.
Is there a reason that asterisk-iptables is not running? Using the firewall module too, but would think fail2ban would be in play too...
Thanks in advance,
Carlos.
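
An added example, not part of the original post and not fail2ban's own code: a small Python model of the two things the post separates, whether a pattern matches the log lines (what fail2ban-regex reports) and whether matches add up to a ban under maxretry 4 and findtime 86400 (which only happens inside an enabled jail). The regexes are simplified stand-ins for the filter syntax, and the log lines, the text after "s:" and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

HEAD = r'^\[(?P<ts>[^\]]+)\] WARNING\[\d+\](?:\[C-[\da-f]+\])? Ext\. s:'
TAIL = r' "Rejecting unknown SIP connection from (?P<host>\d{1,3}(?:\.\d{1,3}){3})"$'
STRICT = re.compile(HEAD + TAIL)             # nothing allowed after "s:"
TOLERANT = re.compile(HEAD + r'.*' + TAIL)   # the ".*" the post adds after "s:"

# Constructed events (timestamp, text after "s:", source IP); the extra text
# is an assumed example of what the strict pattern fails to match.
_EVENTS = [
    ("2024-05-01 09:00:00", "6@from-sip-external:", "198.51.100.9"),
    ("2024-05-01 10:00:00", "", "203.0.113.7"),
    ("2024-05-01 10:05:00", "6@from-sip-external:", "203.0.113.7"),
    ("2024-05-01 20:00:00", "6@from-sip-external:", "198.51.100.9"),
    ("2024-05-01 22:30:00", "6@from-sip-external:", "203.0.113.7"),
    ("2024-05-02 08:00:00", "6@from-sip-external:", "198.51.100.9"),
    ("2024-05-02 09:59:00", "6@from-sip-external:", "203.0.113.7"),
    ("2024-05-02 10:00:00", "6@from-sip-external:", "198.51.100.9"),
]
SAMPLE_LOG = "\n".join(
    f'[{ts}] WARNING[2211][C-0000001a] Ext. s:{extra} '
    f'"Rejecting unknown SIP connection from {ip}"'
    for ts, extra, ip in _EVENTS)

def match_count(log_text, pattern):
    """Number of lines the pattern matches (the figure fail2ban-regex reports)."""
    return sum(1 for line in log_text.splitlines() if pattern.match(line))

def banned_hosts(log_text, pattern, maxretry=4, findtime=86400):
    """Hosts with at least maxretry matches inside a findtime-second window."""
    recent, banned = defaultdict(deque), set()
    for line in log_text.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hits = recent[m["host"]]
        hits.append(ts)
        # Drop matches that have aged out of the findtime window.
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()
        if len(hits) >= maxretry:
            banned.add(m["host"])
    return banned

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, match_count(SAMPLE_LOG, pat), sorted(banned_hosts(SAMPLE_LOG, pat)))
```

The second address matches four times as well, but its first hit falls outside the 24-hour window by the time the fourth arrives, so it stays under maxretry.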