<div dir="ltr">I cleared out the logs and reloaded fail2ban. Going back to look at the logs again now and I don't even see an attempt to load the FreeSwitch filter. <div><br></div><div>fail2ban.log:</div><div><br></div><div><div>2016-09-08 18:21:16,855 fail2ban.server [3576]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13</div><div>2016-09-08 18:21:16,856 fail2ban.jail [3576]: INFO Creating new jail 'ssh'</div><div>2016-09-08 18:21:16,856 fail2ban.jail [3576]: INFO Jail 'ssh' uses pyinotify</div><div>2016-09-08 18:21:16,862 fail2ban.jail [3576]: INFO Initiated 'pyinotify' backend</div><div>2016-09-08 18:21:16,864 fail2ban.filter [3576]: INFO Added logfile = /var/log/auth.log</div><div>2016-09-08 18:21:16,866 fail2ban.filter [3576]: INFO Set maxRetry = 6</div><div>2016-09-08 18:21:16,867 fail2ban.filter [3576]: INFO Set findtime = 600</div><div>2016-09-08 18:21:16,868 fail2ban.actions[3576]: INFO Set banTime = 1800</div><div>2016-09-08 18:21:16,889 fail2ban.jail [3576]: INFO Creating new jail 'ssh-ddos'</div><div>2016-09-08 18:21:16,890 fail2ban.jail [3576]: INFO Jail 'ssh-ddos' uses pyinotify</div><div>2016-09-08 18:21:16,896 fail2ban.jail [3576]: INFO Initiated 'pyinotify' backend</div><div>2016-09-08 18:21:16,898 fail2ban.filter [3576]: INFO Added logfile = /var/log/auth.log</div><div>2016-09-08 18:21:16,900 fail2ban.filter [3576]: INFO Set maxRetry = 6</div><div>2016-09-08 18:21:16,901 fail2ban.filter [3576]: INFO Set findtime = 600</div><div>2016-09-08 18:21:16,902 fail2ban.actions[3576]: INFO Set banTime = 1800</div><div>2016-09-08 18:21:16,910 fail2ban.jail [3576]: INFO Jail 'ssh' started</div><div>2016-09-08 18:21:16,914 fail2ban.jail [3576]: INFO Jail 'ssh-ddos' started</div></div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 1:53 AM, Mirko Brankovic <span dir="ltr"><<a href="mailto:mirkobrankovic@gmail.com" target="_blank">mirkobrankovic@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>On ubuntu it is called :</div><div><div>Chain fail2ban-freeswitch (1 references)</div></div><div><br></div><div>iptables -L should give you the chain if F2B started correctly, otherwise see the fail2ban log for errors.</div><div><br></div><div><br></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Thu, Sep 8, 2016 at 7:42 AM, Jurijs Ivolga <span dir="ltr"><<a href="mailto:jurijs.ivolga@gmail.com" target="_blank">jurijs.ivolga@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hi,<br><br></div>I configured fail2ban several times a while ago, but not with freeswitch...<br><br></div>If you see that rules are missing, just add them and you can use SSH rules as template. I believe it should make a trick.<br><br></div><div>And I see from you rules, that you are allowing all traffic and this is really bad idea...<br><br></div><div>You should drop everything and allow only needed traffic.<br></div><div><br></div>With kind regards,<br></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr">Jurijs<br></div></div></div><div><div>
<br><div class="gmail_quote">On Thu, Sep 8, 2016 at 12:15 AM, Don Hawkins <span dir="ltr"><<a href="mailto:hawkins@hawkinsegroup.com" target="_blank">hawkins@hawkinsegroup.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks for the reply!<div><br></div><div><b>Fail2Ban is running:</b></div><div><div>root@sip:/etc/fail2ban# fail2ban-client start</div><div>ERROR Server already running</div></div><div><br></div><div><br></div><div><b>I added everything in /etc/fail2ban/jail.conf</b></div><div><div><br></div><div>[ssh]</div><div>enabled = true<br></div><div>port = 22</div><div>filter = sshd</div><div>logpath = /var/log/auth.log</div><div>maxretry = 6</div><div><br></div><div>[freeswitch]</div><div>enabled = true</div><div>port = 5060,5061,5080,5081</div><div>filter = freeswitch</div><div>logpath = /var/log/freeswitch/freeswitch<wbr>.log</div><div>maxretry = 10</div></div><div><br></div><div><br></div><div><b>I also created /etc/fail2ban/filter.d<wbr>/freeswitch.conf</b> as shown on <a href="https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/freeswitch.conf" target="_blank">https://github.com/fail2ban<wbr>/fail2ban/blob/master/config/f<wbr>ilter.d/freeswitch.conf</a></div><div><br></div><div><br></div><div><div><b>root@sip:/etc/fail2ban/filter.<wbr>d# iptables -S</b></div><div>-P INPUT ACCEPT</div><div>-P FORWARD ACCEPT</div><div>-P OUTPUT ACCEPT</div><div>-N fail2ban-ssh</div><div>-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh</div></div><div><br></div><div><br></div><div>As you can see when running iptables -S it shoes the "fail2ban-ssh" rule but nothing about FreeSwitch.</div><div><br></div><div><br></div><div>Any help is appreciated.</div><div><br></div><div><br></div></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Wed, Sep 7, 2016 at 11:01 AM, jungle Boogie <span dir="ltr"><<a href="mailto:jungleboogie0@gmail.com" target="_blank">jungleboogie0@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span>On 7 September 2016 at 08:33, Don Hawkins <<a href="mailto:hawkins@hawkinsegroup.com" target="_blank">hawkins@hawkinsegroup.com</a>> wrote:<br>
> It keeps saying it's not there, but I did add it, is there something I'm<br>
> missing?<br>
<br>
</span>How did you add it? Is fail2ban running? Have you restarted your<br>
computer after setting up fail2ban? If you do iptables -S, do you see<br>
the rules?<br>
<br>
<br>
--<br>
-------<br>
inum: 883510009027723<br>
sip: <a href="mailto:jungleboogie@sip2sip.info" target="_blank">jungleboogie@sip2sip.info</a><br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(102,102,102)"><span>Sincerely,<br>Don Hawkins<br>CEO<br>Hawkins Enterprise Group LLC<br><a href="http://hawkinsegroup.com" target="_blank">http://hawkinsegroup.com</a><br><a href="http://zello.com" target="_blank">Zello PTT</a>: push2don<br></span></span></div><div><span style="color:rgb(102,102,102)"><span>P: <a href="tel:469-214-5044" value="+14692145044" target="_blank">469-214-5044</a><br></span></span></div><div dir="ltr"><span style="color:rgb(102,102,102)"><span><a value="+12146991224"></a></span></span></div></div></div></div></div></div>
</font></span></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/free<wbr>switch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div></div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br></div></div><div><div dir="ltr"><div><div dir="ltr">Regards,<div>Mirko</div></div></div></div></div>
</div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span style="color:rgb(102,102,102)"><span>Sincerely,<br>Don Hawkins<br>CEO<br>Hawkins Enterprise Group LLC<br><a href="http://hawkinsegroup.com" target="_blank">http://hawkinsegroup.com</a><br><a href="http://zello.com" target="_blank">Zello PTT</a>: push2don<br></span></span></div><div><span style="color:rgb(102,102,102)"><span>P: 469-214-5044<br></span></span></div><div dir="ltr"><span style="color:rgb(102,102,102)"><span><a value="+12146991224"></a></span></span></div></div></div></div></div></div>
</div></div>