[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2146
  • Last Modified:

fail2ban failed to ban ips...

I dont know why, but in a pure asterisk, brand new, iptables almost clear, new installation of fail2ban and if i try to register 10-20 times and fail2ban is not banning nothing...

So, this is mine iptables:

# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010          


The Fail2ban log is :

2010-08-31 12:53:56,759 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR  iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO   Exiting Fail2ban                                                  

what is going on?

0
manolocruz
Asked:
manolocruz
1 Solution
 
DrDamnitCommented:
What's your OS? Where did you install Asterisk from, where did you install fail2ban from? Binaries? SVN? Compiled? RPM?

fail2ban scans log files and alters iptables. Depending on your distro, it may not be either:

1. Scanning the correct log files or
2. modifying the firewall correctly.
0
 
manolocruzAuthor Commented:
solved... problem was that it was pointing to the wrong log file.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now