Solved

fail2ban failed to ban ips...

Posted on 2010-08-31
Last Modified: 2012-05-10
I don't know why, but on a pure, brand-new Asterisk, with iptables almost clear and a new installation of fail2ban, if I try to register 10-20 times, fail2ban is not banning anything...

So, this is my iptables:

# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010          


The Fail2ban log is:

2010-08-31 12:53:56,759 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR  iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO   Exiting Fail2ban                                                  

What is going on?

Question by:manolocruz
2 Comments
 
Accepted Solution

by:
DrDamnit earned 500 total points
What's your OS? Where did you install Asterisk from, where did you install fail2ban from? Binaries? SVN? Compiled? RPM?

fail2ban scans log files and alters iptables. Depending on your distro, it may not be either:

1. Scanning the correct log files or
2. Modifying the firewall correctly.

Author Comment

by:manolocruz
Solved... problem was that it was pointing to the wrong log file.
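
The failure mode resolved in this thread, shown as an added example that is not part of the original posts: a jail that starts cleanly but never bans because its log path points at a file the filter never matches. The regex, log lines, IP addresses and the `would_ban` helper are constructed assumptions; only maxRetry = 5 and findtime = 600 come from the log above.

```python
import re
from datetime import datetime

MAXRETRY, FINDTIME = 5, 600  # values reported in the fail2ban log above

# Assumption: simplified failregex for Asterisk registration failures;
# the jail's real filter file is not shown on the page.
FAILREGEX = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE.*Registration from .* failed for "
    r"'(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found)"
)

def would_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return (matched_lines, hosts reaching maxretry within findtime seconds)."""
    recent, banned, matched = {}, set(), 0
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue  # a log the filter cannot parse contributes nothing
        matched += 1
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        host = m.group("host")
        # keep only this host's failures that are still inside the window
        window = [t for t in recent.get(host, [])
                  if (ts - t).total_seconds() <= findtime]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return matched, banned

# Constructed sample: a syslog-style file the jail is wrongly pointed at.
WRONG_LOG = [
    "Aug 31 13:20:01 pbx crond[2101]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 31 13:20:09 pbx sshd[2188]: Accepted publickey for admin from 198.51.100.4",
]
# Constructed sample: the file Asterisk writes registration failures to.
LINE = ("[2010-08-31 13:20:{:02d}] NOTICE[2345] chan_sip.c: Registration from "
        "'<sip:100@pbx>' failed for '{}' - Wrong password")
RIGHT_LOG = ([LINE.format(s, "203.0.113.7") for s in range(0, 60, 10)]
             + [LINE.format(s, "203.0.113.9") for s in (5, 15)])

if __name__ == "__main__":
    for name, log in (("wrong logpath", WRONG_LOG), ("right logpath", RIGHT_LOG)):
        matched, banned = would_ban(log)
        print(f"{name}: {matched} matching lines, would ban {sorted(banned)}")
```

A match count of zero against the configured log file is the signal to check: the jail reports "started", the fail2ban-ASTERISK chain holds only its RETURN rule, and no ban is ever attempted.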