Solved

fail2ban failed to ban ips...

Posted on 2010-08-31
Last Modified: 2012-05-10
I don't know why, but on a pure Asterisk, brand new, iptables almost clear, new installation of fail2ban, if I try to register 10-20 times, fail2ban is not banning anything...

So, this is my iptables:

# Generated by iptables-save v1.3.5 on Tue Aug 31 13:34:15 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [634:126556]
:RH-Firewall-1-INPUT - [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A fail2ban-ASTERISK -j RETURN
COMMIT
# Completed on Tue Aug 31 13:34:15 2010          


The Fail2ban log is:

2010-08-31 12:53:56,759 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 12:53:56,760 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 12:53:56,790 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 12:53:56,809 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 12:53:56,810 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 12:53:56,811 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 12:53:56,836 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:17:21,387 fail2ban.actions.action: ERROR  iptables -D INPUT -p all -j fail2ban-ASTERISK
iptables -F fail2ban-ASTERISK
iptables -X fail2ban-ASTERISK returned 100
2010-08-31 13:17:22,059 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:17:22,061 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:17:23,354 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:17:23,355 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:17:23,357 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:17:23,375 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:17:23,377 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:17:23,377 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:17:23,403 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:35:00,760 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:35:00,763 fail2ban.server : INFO   Exiting Fail2ban
2010-08-31 13:35:02,060 fail2ban.server : INFO   Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.4
2010-08-31 13:35:02,061 fail2ban.jail   : INFO   Creating new jail 'asterisk-iptables'
2010-08-31 13:35:02,063 fail2ban.jail   : INFO   Jail 'asterisk-iptables' uses Gamin
2010-08-31 13:35:02,083 fail2ban.filter : INFO   Set maxRetry = 5
2010-08-31 13:35:02,084 fail2ban.filter : INFO   Set findtime = 600
2010-08-31 13:35:02,085 fail2ban.actions: INFO   Set banTime = 259200
2010-08-31 13:35:02,111 fail2ban.jail   : INFO   Jail 'asterisk-iptables' started
2010-08-31 13:44:34,586 fail2ban.jail   : INFO   Jail 'asterisk-iptables' stopped
2010-08-31 13:44:34,588 fail2ban.server : INFO   Exiting Fail2ban                                                  

What is going on?

Question by: manolocruz

2 Comments

Accepted Solution

by: DrDamnit earned 500 total points
ID: 33570807
What's your OS? Where did you install Asterisk from, where did you install fail2ban from? Binaries? SVN? Compiled? RPM?

fail2ban scans log files and alters iptables. Depending on your distro, it may not be either:

1. Scanning the correct log files or
2. modifying the firewall correctly.

Author Comment

by: manolocruz
ID: 33571082
Solved... problem was that it was pointing to the wrong log file.
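
A triage of the two causes listed in the accepted answer, run against the question's own iptables dump, as an added example that is not part of the original thread. The Asterisk log format, the failregex and both log paths are assumptions (constructed), since the thread shows neither the jail configuration nor the Asterisk log.

```python
import re
from datetime import datetime

# Assumed Asterisk log format and failregex; the thread shows neither.
FAIL = re.compile(r"^\[(?P<ts>[\d\- :]+)\] NOTICE.*Registration from '.*' "
                  r"failed for '(?P<host>[\d.]+)' - Wrong password")

# Excerpt of the iptables-save dump posted in the question.
RULES = """:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -j RH-Firewall-1-INPUT
-A fail2ban-ASTERISK -j RETURN"""

# Constructed logs under hypothetical paths: the jail watches an empty file.
LINE = ("[2010-08-31 13:20:{:02d}] NOTICE[2041] chan_sip.c: Registration from "
        "'\"100\" <sip:100@192.0.2.10>' failed for '198.51.100.7' - Wrong password")
LOGS = {"/var/log/asterisk/messages": "",
        "/var/log/asterisk/full": "\n".join(LINE.format(s) for s in range(0, 60, 10))}

def firewall_side(rules, chain):
    """Is the chain the first INPUT jump, and which sources does it ban?"""
    lines = rules.splitlines()
    inp = [l for l in lines if l.startswith("-A INPUT ")]
    hooked = bool(inp) and inp[0].endswith("-j " + chain)
    ban = re.compile(rf"-A {re.escape(chain)} -s (\S+) .*-j (?:DROP|REJECT)")
    return hooked, [m.group(1) for m in map(ban.match, lines) if m]

def hosts_to_ban(log_text, maxretry, findtime):
    """Hosts with >= maxretry failures inside any findtime-second window."""
    seen = {}
    for m in filter(None, map(FAIL.match, log_text.splitlines())):
        when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        seen.setdefault(m.group("host"), []).append(when)
    return {h for h, ts in seen.items() if any(
        (b - a).total_seconds() <= findtime
        for a, b in zip(sorted(ts), sorted(ts)[maxretry - 1:]))}

def diagnose(rules, chain, logpath, logs, maxretry=5, findtime=600):
    """Separate the two causes named in the answer: firewall hook vs. log file."""
    hooked, bans = firewall_side(rules, chain)
    if not hooked:
        return "firewall: chain is not the first INPUT jump"
    hits = {p: hosts_to_ban(t, maxretry, findtime) for p, t in logs.items()}
    other = sorted(p for p, h in hits.items() if h and p != logpath)
    if not bans and not hits.get(logpath) and other:
        return "logpath: bannable failures are in " + ", ".join(other)
    return "no mismatch found"

print(diagnose(RULES, "fail2ban-ASTERISK", "/var/log/asterisk/messages", LOGS))
```

On a live host, `fail2ban-regex` run against the jail's configured log file and filter performs the same match test with the real failregex.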