[Freeswitch-users] fail2ban assistance
clive engelberg
clive18 at webmail.co.za
Tue Nov 28 21:22:02 UTC 2017
Hi.
I am experiencing this strange behavior when using Zoiper android client
where it sends register attempts with a username "yes". I suspect this
is to keep open the NAT.
Anyway, fail2ban does not like this, as you can imagine, and it bans the
user.
Can someone help me to add an ignoreregex for fail2ban please.
The strings that are causing it to fail are:
2017-11-14 17:19:41.716109 [WARNING] sofia_reg.c:1775 SIP auth challenge
(REGISTER) on sofia profile 'default' for [yes at 196.22.1.22] from ip
105.184.98.99
2017-11-14 17:19:41.756109 [WARNING] sofia_reg.c:2889 Can't find user
[yes at 196.22.1.22] from 105.184.98.99
maybe this would work...
ignoreregex= \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\)
on sofia profile \'[^']+\' for \[yes at .*\] from ip <HOST>
my regex skills are lacking...
Thanks in advance
Clive
More information about the FreeSWITCH-users
mailing list