SOLVED Automatically add ip addresses connected to Fail2ban

[wouam31]

Hi!
I share with you a small script to ignoreip the ip addresses connected to fusionpbx.

If you want to make changes, it is with great pleasure!

Thanks @hfoster for fs_cli -x 'show registrations' command

#!/bin/bash

# Retrieve IP addresses connected to FusionPBX
registrations=$(fs_cli -x 'show registrations' | awk -F',' 'NR>1{print $6}')

# Create a list of unique IP addresses with /32 appended to each address
ip_list=()
for ip in $registrations; do
ip_with_mask="$ip/32"
if [[ ! " ${ip_list[@]} " =~ " ${ip_with_mask} " ]]; then
ip_list+=("$ip_with_mask")
fi
done

# Convert list of IP addresses to space separated string
ignore_ips=$(printf "%s " "${ip_list[@]}")

# Update jail.conf file with ignored IPs
awk -v ips="$ignore_ips" '/^ignoreip =/{print "ignoreip = " ips; next} 1' /etc/fail2ban/jail.conf > /etc/fail2ban/jail.conf.tmp
mv /etc/fail2ban/jail.conf.tmp /etc/fail2ban/jail.conf

# Restart the fail2ban service
service fail2ban restart

echo "Script completed successfully."

 

[hfoster]

I should add, the new 'Event Guard' that is in the latest release of FusionPBX doesn't need this. As soon as a valid registration is seen, it's 'whitelisted' for future violations of SIP auth failures. This is a useful script for those still using Fail2Ban for things like nginx auth problems.

More info: https://docs.fusionpbx.com/en/latest/status/event_guard.html