<div dir="ltr">Roman,<div><br></div><div>My point of view is the following.</div><div><br></div><div>Fail2ban bans requests based on logs output. Right? You can keep kamailio&#39;s config as simple as possible but add logging of failed auth attempts. I.e.</div><div><br></div><div>reply_route[FROM_BACKEND] {</div><div>    if(status == 403) {</div><div>        xlog(&quot;L_WARN&quot;, &quot;Frobidden from $si:$sp blah...\n&quot;);</div><div>    }</div><div>}</div><div><br></div><div>And then you just need make appropriate filter.</div><div><br></div><div>This is just my opinion.</div><div><br></div><div>In the case of FreeSWITCH I do not know is it possible to show original IP address due failed auth attempts. sorry.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-11-29 15:08 GMT+02:00 Roman Dissauer <span dir="ltr">&lt;<a href="mailto:roman@dissauer.net" target="_blank">roman@dissauer.net</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks guys,<br>
<br>
I’m sure that it is best practice to prevent brute force attacks on Kamailio. I also do that on another system where Kamailio handles full registration/authentication. Due to the fact that my SIP Proxy is as basic as possible forwarding all packets to the backend Freeswitch (just for load balancing), I thought it would be easier to solve that on Freeswitch side.<br>
<br>
I’ll try to get that done in the reply route and will post the results here.<br>
<span class="HOEnZb"><font color="#888888"><br>
Roman<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
&gt; Am 29.11.2016 um 10:40 schrieb Alex Balashov &lt;<a href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>&gt;:<br>
&gt;<br>
&gt; On Tue, Nov 29, 2016 at 11:22:25AM +0200, Vladyslav Zakhozhai wrote:<br>
&gt;<br>
&gt;&gt; I think that more elegant solution for your task is cut off bruteforce on<br>
&gt;&gt; Kamailio side rather than on FreeSWITCH. You do not need (and must not)<br>
&gt;&gt; pass malicious traffic to backends. It is best practice.<br>
&gt;<br>
&gt; I would agree with that. Kamailio makes a far better &quot;condom&quot; than Freeswitch.<br>
&gt;<br>
&gt; I just assumed there was something in his use-case that compelled relaying traffic forward uncritically.<br>
&gt;<br>
&gt; --<br>
&gt; Alex Balashov | Principal | Evariste Systems LLC<br>
&gt;<br>
&gt; Tel: <a href="tel:%2B1-706-510-6800" value="+17065106800">+1-706-510-6800</a> (direct) / <a href="tel:%2B1-800-250-5920" value="+18002505920">+1-800-250-5920</a> (toll-free)<br>
&gt; Web: <a href="http://www.evaristesys.com/" rel="noreferrer" target="_blank">http://www.evaristesys.com/</a>, <a href="http://www.csrpswitch.com/" rel="noreferrer" target="_blank">http://www.csrpswitch.com/</a><br>
&gt;<br>
&gt; ______________________________<wbr>______________________________<wbr>_____________<br>
&gt; Professional FreeSWITCH Consulting Services:<br>
&gt; <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
&gt; <a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
&gt;<br>
&gt; Official FreeSWITCH Sites<br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
&gt; <a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
&gt; <a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
&gt;<br>
&gt; FreeSWITCH-users mailing list<br>
&gt; <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
&gt; <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
&gt; UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
&gt; <a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br>
<br>
<br>
______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">С уважением,<br>Владислав Захожай<br><br></div></div>
</div>