[Freeswitch-users] blocking IP addresses and fail2ban setup

Karl Schmidt karl at xtronics.com
Tue Aug 13 00:02:06 MSD 2013 

First, the wiki page about fail2ban

http://wiki.freeswitch.org/wiki/Fail2ban

has this bit of tantalizing, but cryptic advice:

"Enable "log-auth-failures" on each Sofia profile to monitor -- this requires a high enough loglevel 
on your logs to save these messages. "

What does "high enough" mean?

( It looks like the default in autoload_configs/syslog.conf.xml is warning )

Why isn't log-auth-failures the default?

,.,

Looking at simple ways to block lists of IP addresses - there are WRONG ways to do this.

Huge lists blocked as dynamic will reduce performance of your firewall.

Looks like the best way is via ipsets:

http://www.shorewall.net/ipsets.html

So if you want to use Brain West’s blacklist  ( http://daffy.bkw.org/blacklist.txt ) best to read up 
on ipsets.

,.,

The other bit is that it is best to block at the firewall if possible - this looks like it can be 
done by setting up fail2ban on the freeswitch box and setting up the action to use the ban command 
over ssh.

actionban = ssh user at firewall.com shorewall drop <ip>

actionunban = ssh user at firewall.com shorewall allow <ip>


fail2ban using shorewall uses the dynamic method (appropriately due to the smaller number of IPs) If 
you want to see a list of what is currently blocked:

$ shorewall show dynamic

Will dump out a list of the currently banned IP addresses.



--------------------------------------------------------------------------------
Karl Schmidt                                  EMail Karl at xtronics.com
Transtronics, Inc.                              WEB http://secure.transtronics.com
3209 West 9th Street                             Ph (785) 841-3089
Lawrence, KS 66049                              FAX (785) 841-0434

The society that puts equality before freedom will
end up with neither. The society that puts freedom
before equality will end up with a great measure of both.
- Milton Freidman
--------------------------------------------------------------------------------

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list