Solved

fail2ban failed to ban ips...

Posted on 2010-08-31
Last Modified: 2012-05-10
I don't know why, but in a pure Asterisk, brand new, iptables almost clear, new installation of fail2ban, if I try to register 10-20 times, fail2ban is not banning anything...

So, this is my iptables:

# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010          


The Fail2ban log is :

2010-08-31 12:53:56,759 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR  iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO   Exiting Fail2ban                                                  

What is going on?

Question by:manolocruz
2 Comments
 

Accepted Solution

by:
DrDamnit earned 500 total points
ID: 33570807
What's your OS? Where did you install Asterisk from, where did you install fail2ban from? Binaries? SVN? Compiled? RPM?

fail2ban scans log files and alters iptables. Depending on your distro, it may not be either:

1. Scanning the correct log files or
2. Modifying the firewall correctly.
0
 

Author Comment

by:manolocruz
ID: 33571082
Solved... problem was that it was pointing to the wrong log file.
0
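
The thread's root cause (a jail pointed at a log file that never receives the failed registrations) can be checked offline before restarting fail2ban. The script below is an added example, not code from the thread or from fail2ban: it models the jail with the logged values maxRetry = 5 and findtime = 600, and the regular expression, file names and log lines are constructed assumptions.

```python
import os, re, tempfile
from collections import defaultdict
from datetime import datetime

# Assumed pattern for an Asterisk failed-REGISTER notice; the jail's real
# failregex is not shown on the page.
FAILREGEX = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'")

def diagnose(logpath, maxretry=5, findtime=600):
    """Simplified model of the jail: (verdict, hosts that would be banned)."""
    if not os.path.isfile(logpath):
        return "logpath missing", []
    hits = defaultdict(list)
    with open(logpath, errors="replace") as fh:
        for line in fh:
            m = FAILREGEX.match(line)
            if m:
                hits[m["host"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    if not hits:
        return "no failregex matches (wrong file or wrong pattern)", []
    banned = []
    for host, times in hits.items():
        times.sort()
        # Ban if any run of maxretry failures fits inside findtime seconds.
        if any((times[i + maxretry - 1] - times[i]).total_seconds() <= findtime
               for i in range(len(times) - maxretry + 1)):
            banned.append(host)
    return ("would ban" if banned else "matches, below maxretry"), sorted(banned)

def build_samples(tmpdir):
    """Write two constructed logs: one with SIP failures, one without."""
    right = os.path.join(tmpdir, "asterisk_sample.log")
    wrong = os.path.join(tmpdir, "other_sample.log")
    with open(right, "w") as fh:
        for s in range(0, 30, 5):  # six failures, five seconds apart
            fh.write(f"[2010-08-31 13:20:{s:02d}] NOTICE[2041] chan_sip.c: Registration from "
                     "'\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password\n")
    with open(wrong, "w") as fh:
        fh.write("Aug 31 13:20:01 pbx kernel: eth0: link up\n")
    return right, wrong

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        right, wrong = build_samples(d)
        for path in (wrong, right, os.path.join(d, "absent.log")):
            print(os.path.basename(path), "->", diagnose(path))
```

A "no failregex matches" verdict on the configured logpath while registrations are failing corresponds to the first cause listed in the accepted answer; a "would ban" verdict with no ban in place points to the second, the firewall action.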
