Solved

fail2ban failed to ban IPs...

Posted on 2010-08-31
2,026 Views
Last Modified: 2012-05-10
I don't know why, but on a pure Asterisk box, brand new, iptables almost clear, new installation of fail2ban, if I try to register 10-20 times, fail2ban is not banning anything...

So, this is my iptables:

# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010          


The Fail2ban log is:

2010-08-31 12:53:56,759 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR  iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO   Exiting Fail2ban                                                  

What is going on?

Question by:manolocruz
2 Comments
 

Accepted Solution

by:
DrDamnit earned 500 total points
ID: 33570807
What's your OS? Where did you install Asterisk from, where did you install fail2ban from? Binaries? SVN? Compiled? RPM?

fail2ban scans log files and alters iptables. Depending on your distro, it may not be either:

1. Scanning the correct log files or
2. modifying the firewall correctly.
 

Author Comment

by:manolocruz
ID: 33571082
Solved... the problem was that it was pointing to the wrong log file.
Question has a verified solution.
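
The accepted answer names two places fail2ban can fail: reading the log and changing the firewall. The following triage is an added example, not code from the thread or from fail2ban; it compares an iptables-save dump with fail2ban.log to tell the two apart. The rule and log extracts are shortened from the question, while the Ban line, the DROP rule and the address 203.0.113.7 are constructed, and the Ban/Unban line layout is assumed to be that of fail2ban 0.8.x.

```python
import re
# Shortened from the iptables-save dump in the question.
PAGE_RULES = """*filter
:INPUT ACCEPT [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A fail2ban-ASTERISK -j RETURN
COMMIT
"""
# Shortened from the fail2ban.log in the question: the jail runs, nothing is banned.
PAGE_LOG = """2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
"""
# Constructed: what a working jail would add (203.0.113.7 is a documentation address).
BAN_LOG = PAGE_LOG + ("2010-08-31 14:02:11,123 fail2ban.actions: WARNING "
                      "[asterisk-iptables] Ban 203.0.113.7\n")
BAN_RULES = PAGE_RULES.replace("-A fail2ban-ASTERISK -j RETURN",
    "-A fail2ban-ASTERISK -s 203.0.113.7 -j DROP\n-A fail2ban-ASTERISK -j RETURN")
EVENT = re.compile(r"fail2ban\.actions\s*: \w+\s+\[[^\]]+\] (Ban|Unban) (\S+)")

def triage(iptables_save, f2b_log, chain="fail2ban-ASTERISK"):
    """Say which half of fail2ban is failing: log matching or the firewall."""
    rules = [l.split() for l in iptables_save.splitlines() if l.startswith("-A ")]
    # 1. INPUT must jump to the jail chain before any rule that could accept.
    targets = [r[r.index("-j") + 1] for r in rules if r[1] == "INPUT" and "-j" in r]
    if chain not in targets:
        return "firewall: INPUT never jumps to " + chain
    if targets[0] != chain:
        return "firewall: rules ahead of the %s jump may accept first" % chain
    # 2. Source addresses currently blocked inside the jail chain.
    blocked = {r[r.index("-s") + 1].split("/")[0]
               for r in rules if r[1] == chain and "-s" in r}
    # 3. Replay Ban/Unban events from fail2ban.log to get the expected set.
    expected = set()
    for verb, ip in EVENT.findall(f2b_log):
        (expected.add if verb == "Ban" else expected.discard)(ip)
    if not expected and not blocked:
        return "log: no bans recorded; if logins failed, check logpath and failregex"
    missing = sorted(expected - blocked)
    if missing:
        return "firewall: banned in log but missing from chain: " + ", ".join(missing)
    return "ok: %d address(es) banned" % len(blocked)

if __name__ == "__main__":
    print(triage(PAGE_RULES, PAGE_LOG))    # the state shown in the question
    print(triage(PAGE_RULES, BAN_LOG))
    print(triage(BAN_RULES, BAN_LOG))
```

For the state posted in the question, the result points at the log side, which matches the author's fix of correcting the log file the jail was reading.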
