fail2ban failed to ban ips...
I dont know why, but in a pure asterisk, brand new, iptables almost clear, new installation of fail2ban and if i try to register 10-20 times and fail2ban is not banning nothing...
So, this is mine iptables:
# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010
The Fail2ban log is :
2010-08-31 12:53:56,759 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO Exiting Fail2ban
what is going on?
So, this is mine iptables:
# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010
The Fail2ban log is :
2010-08-31 12:53:56,759 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail : INFO Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail : INFO Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail : INFO Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail : INFO Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO Exiting Fail2ban
what is going on?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER