Alexander, 2020-02-26 18:53:35
Asterisk

IPs are not added to fail2ban filtering rules. What am I doing wrong?

In filter.d/asterisk.conf there are these variations:

Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*
Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.*
DEBUG.* .*: Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*$
DEBUG.* .*: Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.*$

None of the above rules adds the IP to the filter from a message of the form:
DEBUG[31267]: chan_sip.c:3805 __sip_xmit: Trying to put 'SIP/2.0 401' onto UDP socket destined for ip:port

In general, some rules work:
fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf
0 ignored, 34 matched

jail.local
[asterisk]
port     = 5060,5061
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
           %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
logpath  = /var/log/asterisk/full
maxretry = 10
findtime = 86400
bantime  = 518400
enabled = true
