[Freeswitch-users] blocking IP addresses and fail2ban setup
Karl Schmidt
karl at xtronics.com
Tue Aug 13 00:02:06 MSD 2013
First, the wiki page about fail2ban
http://wiki.freeswitch.org/wiki/Fail2ban
has this bit of tantalizing, but cryptic advice:
"Enable "log-auth-failures" on each Sofia profile to monitor -- this requires a high enough loglevel
on your logs to save these messages. "
What does "high enough" mean?
( It looks like the default in autoload_configs/syslog.conf.xml is warning )
Why isn't log-auth-failures the default?
,.,
Looking at simple ways to block lists of IP addresses - there are WRONG ways to do this.
Huge lists blocked as dynamic will reduce performance of your firewall.
Looks like the best way is via ipsets:
http://www.shorewall.net/ipsets.html
So if you want to use Brian West's blacklist ( http://daffy.bkw.org/blacklist.txt ) best to read up
on ipsets.
,.,
The other bit is that it is best to block at the firewall if possible - this looks like it can be
done by setting up fail2ban on the freeswitch box and setting up the action to use the ban command
over ssh.
actionban = ssh user@firewall.com shorewall drop <ip>
actionunban = ssh user@firewall.com shorewall allow <ip>
fail2ban using shorewall uses the dynamic method (appropriately, due to the smaller number of IPs). If
you want to see a list of what is currently blocked:
$ shorewall show dynamic
Will dump out a list of the currently banned IP addresses.
--------------------------------------------------------------------------------
Karl Schmidt EMail Karl at xtronics.com
Transtronics, Inc. WEB http://secure.transtronics.com
3209 West 9th Street Ph (785) 841-3089
Lawrence, KS 66049 FAX (785) 841-0434
The society that puts equality before freedom will
end up with neither. The society that puts freedom
before equality will end up with a great measure of both.
- Milton Friedman
--------------------------------------------------------------------------------
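As an added illustration of the two mechanisms the post discusses (not code from the post, from fail2ban or from the FreeSWITCH project), the script below does on a handful of constructed log lines what fail2ban's stock "freeswitch" filter does before it ever calls actionban: match the "SIP auth failure ... from ip" warnings that log-auth-failures emits, count them per source address, and report the addresses that reach a maxretry-style threshold. It also turns a plain one-IP-per-line blacklist into "ipset restore" input, which is the static-set approach the post recommends over pushing thousands of addresses into dynamic rules. Assumptions: the log line layout follows the pattern fail2ban's freeswitch filter expects, the sample lines and addresses are constructed, and the set name "fs_blacklist" is invented for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Emulates the detection side of a
# fail2ban "freeswitch" jail and the ipset side of a large static blacklist.

# Constructed sample log lines. Lines 1-3 and 5 follow the format written by
# sofia profiles with log-auth-failures enabled (the loglevel must keep WARNING
# messages, or nothing below is ever logged). Line 4 is noise that must be ignored.
SAMPLE_LOG=$(cat <<'EOF'
2013-08-12 23:00:01.000001 [WARNING] sofia_reg.c:1234 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@192.0.2.10] from ip 203.0.113.5
2013-08-12 23:00:02.000001 [WARNING] sofia_reg.c:1234 SIP auth failure (REGISTER) on sofia profile 'internal' for [1002@192.0.2.10] from ip 203.0.113.5
2013-08-12 23:00:03.000001 [WARNING] sofia_reg.c:1234 SIP auth failure (INVITE) on sofia profile 'internal' for [1003@192.0.2.10] from ip 203.0.113.5
2013-08-12 23:00:04.000001 [NOTICE] sofia_reg.c:1234 Registration successful for 1004@192.0.2.10 from 198.51.100.7
2013-08-12 23:00:05.000001 [WARNING] sofia_reg.c:1234 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@192.0.2.10] from ip 198.51.100.7
EOF
)

# Read log lines on stdin, print "<count> <ip>" per offending address,
# most failures first. Only genuine auth-failure warnings are counted.
count_auth_failures() {
    grep -E '\[WARNING\] sofia_reg\.c:[0-9]+ SIP auth failure \((REGISTER|INVITE)\) on sofia profile .* from ip [0-9.]+$' |
    sed -E 's/.* from ip ([0-9.]+)$/\1/' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2 }'
}

# Read log lines on stdin, print the addresses whose failure count reaches the
# threshold ($1), i.e. what a jail with maxretry=$1 would hand to actionban.
ban_candidates() {
    count_auth_failures | awk -v t="$1" '$1 >= t { print $2 }'
}

# Read a blacklist (one IPv4 address per line) on stdin and emit "ipset restore"
# input for the set named $1. Malformed lines are dropped rather than loaded.
# One hash:ip set gives a single lookup per packet regardless of list size,
# which is the reason the post prefers ipsets to per-address dynamic rules.
blacklist_to_ipset() {
    awk -v set="$1" '
        BEGIN { print "create " set " hash:ip" }
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "add " set " " $0 }'
}

# Stand-alone demonstration on the constructed data.
echo "Auth failures per source IP:"
printf '%s\n' "$SAMPLE_LOG" | count_auth_failures
echo "Would be banned with maxretry=3:"
printf '%s\n' "$SAMPLE_LOG" | ban_candidates 3
echo "ipset restore input for a constructed blacklist:"
printf '203.0.113.5\nnot-an-ip\n198.51.100.7\n' | blacklist_to_ipset fs_blacklist
```

In a real deployment the first two functions are what the fail2ban filter and jail settings (findtime, maxretry) already do; the value of running them by hand over your own log is confirming that the warnings actually appear at the loglevel you have configured, since a filter that matches nothing bans nothing. The ipset output is meant to be fed to `ipset restore` on the firewall host, after which a single iptables or shorewall rule matching the set replaces one rule per address.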