That is then down to you. You need to create your own equivalent to /etc/fail2ban/action.d/iptables-multiport.conf to cover your own firewall, but having a quick look at the freepbx site you'll be out of luck. The firewall looks very basic unless it is just a front end for something else underneath. I also bumped into this: http://nerdvittles.com/?p=14416 which could be interesting.

On 21/10/2016 14:57, Trent Creekmore wrote:
> One important item which I notice is not mentioned is what version of
> FreePBX is being used.
>
> When Sangoma bought out Schmooze, and with the introduction of FreePBX 13,
> they started putting a new module in it called Sangoma Firewall.
>
> Fail2ban uses IP tables, but Sangoma Firewall does not. When Sangoma
> Firewall is enabled, IP Tables is disabled.
>
> Just something to consider.
>
> -----Original Message-----
> From: Anthony Griffiths [mailto:[email protected]]
> Sent: Thursday, October 20, 2016 9:42 AM
> To: [email protected]
> Subject: Re: [Fail2ban-users] need help creating a freepbx-gui jail
>
> I'm running iptables-1.4.7-16.el6.x86_64 but I don't know what default
> action is. I dug a little deeper and discovered others are having similar
> problems with the [pbx-gui] jail in fail2ban so it may be a problem with the
> freepbx build itself. In the meantime I've gone back up to fail2ban-0.9 like
> you said and I've locked the pbx gui logon down to just one ip address in
> iptables. This will keep me safe until I can sort this thing out. Thanks,
> Tony
>
> On Thu, Oct 20, 2016 at 11:47 AM, Nick Howitt <[email protected]> wrote:
>> Please make sure you do a reply-to-all or a reply-to-list as all your
>> replies are bypassing the mailing lists and coming straight to me.
>>
>> Which firewall are you running and what is your default action?
>>
>> Try increasing your loglevel to get more information. You say your
>> fail2ban log looks perfect. What are you seeing in it when you make a
>> few failed attempts? Can you post a snippet?
>>
>> I'd also stick with 0.9.x as its set up is slightly different from
>> 0.8.x (lots more defaulting).
>>
>> On 20/10/2016 09:13, Anthony Griffiths wrote:
>>> something is really wrong here. I uninstalled fail2ban 0.9 and
>>> completely deleted all remaining traces. Then I downloaded and
>>> installed this:
>>> http://yum.schmoozecom.net/schmooze-commercial/6/x86_64/RPMS/fail2ban/fail2ban-0.8.14-1.shmz65.1.129.noarch.rpm
>>> this is fail2ban specifically designed around freepbx. But it still
>>> doesn't work.
>>> The new fail2ban-0.8 starts fine, the fail2ban.log looks perfect, I
>>> do some deliberate failed logins to the freepbx-gui and nothing happens.
>>> I'm watching the log while doing the failed logins and it just sits
>>> there doing nothing.
>>> If I run:
>>> fail2ban-regex /var/log/asterisk/freepbx_security.log /etc/fail2ban/filter.d/freepbx.conf
>>> I get:
>>> ----------------------------------------------------------
>>> Running tests
>>> =============
>>>
>>> Use failregex file : /etc/fail2ban/filter.d/freepbx.conf
>>> Use log file : /var/log/asterisk/freepbx_security.log
>>>
>>>
>>> Results
>>> =======
>>>
>>> Failregex: 87 total
>>> |- #) [# of hits] regular expression
>>> | 1) [87] Authentication failure for .* from <HOST>
>>> `-
>>>
>>> Ignoreregex: 0 total
>>>
>>> Date template hits:
>>> |- [# of hits] date format
>>> | [262] Year-Month-Day Hour:Minute:Second
>>> `-
>>>
>>> Lines: 262 lines, 0 ignored, 87 matched, 175 missed
>>> Missed line(s): too many to print. Use --print-all-missed to print all 175 lines
>>> --------------------------------------------------------
>>>
>>> In jail.local I have 'ignoreip = 127.0.0.1' and that's all.
>>>
>>> this to me looks correct. If you can shed any light on this I'd be
>>> really grateful. Fail2ban-regex is the only troubleshooting command I
>>> know. Are there any others I could use?
>>>
>>> ps: and to make matters worse the sshd jail doesn't work either.
>>> Thanks for any further thoughts.
>>>
>>> On Wed, Oct 19, 2016 at 10:19 PM, Nick Howitt <[email protected]> wrote:
>>>> On 19/10/2016 22:08, Anthony Griffiths wrote:
>>>>>> From the changelog, 0.9.4 is not much different from 0.9.3
>>>>>> syntax-wise so my jail and filter should be OK.
>>>>>>
>>>>>> When doing your failed logins, are they from any IP covered by the
>>>>>> ignoreip parameter in jail.conf or jail.local? If loglevel is set
>>>>>> to INFO you should get an f2b message every time you get a filter
>>>>>> hit, but I'm not sure if it is covered by your ignoreip.
>>>>> I've double checked jail.local and all I have is:
>>>>> ignoreip = 127.0.0.1/8
>>>>> There is one thing at the back of my mind though, I
>>>>> assumed the failed login was on port 80 however this could be
>>>>> wrong. I've asked on the freepbx forum but no response yet.
>>>> Even then you should still be able to see the banning in the logs.
>>>> Also, if you're using iptables you can do an "iptables -nvL" and see
>>>> if your f2b-pbx-gui lists your IP. It won't be effective if it is
>>>> blocking the wrong ports but it will be there.
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the
>>>> world's most engaging tech sites, SlashDot.org!
>>>> http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Fail2ban-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
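
Why a filter that matches in fail2ban-regex can still produce no ban, as an added example that is not part of the original thread: fail2ban-regex counts every matching line in the file, while a jail bans only when a host outside ignoreip reaches maxretry failures inside findtime. The log lines, IP addresses and the maxretry/findtime values are constructed; the regex is the one from the fail2ban-regex output quoted above, with `<HOST>` expanded to a simplified IPv4 pattern.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from the thread's fail2ban-regex output; <HOST> is expanded here
# to a simplified IPv4 group (assumption: fail2ban's own <HOST> is broader).
FAILREGEX = re.compile(
    r"Authentication failure for .* from (?P<host>\d{1,3}(?:\.\d{1,3}){3})")
DATE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# Constructed sample lines; the real freepbx_security.log layout may differ.
SAMPLE_LOG = """\
[2016-10-20 09:00:01] Authentication failure for admin from 203.0.113.5
[2016-10-20 09:20:00] Authentication failure for admin from 203.0.113.5
[2016-10-20 09:45:00] Authentication failure for admin from 203.0.113.5
[2016-10-20 10:00:00] Authentication failure for admin from 127.0.0.1
[2016-10-20 10:00:05] Authentication failure for admin from 127.0.0.1
[2016-10-20 10:00:09] Authentication failure for admin from 127.0.0.1
[2016-10-20 10:05:00] Authentication failure for root from 198.51.100.7
[2016-10-20 10:05:10] Authentication failure for root from 198.51.100.7
[2016-10-20 10:05:20] Authentication failure for root from 198.51.100.7
[2016-10-20 10:06:00] Some other log message
"""

def simulate(lines, maxretry=3, findtime=600, ignoreip=("127.0.0.1/8",)):
    """Return (matched, ignored, bans); bans is a list of (host, time)."""
    nets = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)          # host -> failure times inside findtime
    matched, ignored, bans = 0, 0, []
    for line in lines:
        hit, stamp = FAILREGEX.search(line), DATE.search(line)
        if not (hit and stamp):
            continue
        matched += 1                     # the count fail2ban-regex reports
        host = ipaddress.ip_address(hit.group("host"))
        if any(host in net for net in nets):
            ignored += 1                 # ignoreip hosts never count
            continue
        now = datetime.strptime(stamp.group(0), "%Y-%m-%d %H:%M:%S")
        times = recent[host]
        times.append(now)
        while now - times[0] > window:   # drop failures older than findtime
            times.popleft()
        if len(times) >= maxretry:
            bans.append((str(host), now))
            times.clear()
    return matched, ignored, bans
```

With the defaults, `simulate(SAMPLE_LOG.splitlines())` reports nine matches but a single ban. On a live system, `fail2ban-client status <jail>` shows the jail's own failure and ban counters for comparison.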
