SOLVED Fail2ban not banning abuseive IP

Status
Not open for further replies.

FunkStar

Member
Jun 16, 2017
33
1
8
Hi

This weekend I've updated our server to Debian 11 (Bulleye) so I think it has something to do with this but it ofc can be a coincidence.

We're getting spammed with calls (see screenshot bellow) but it's not getting blocked by fail2ban.
1684741825797.png

fail2ban-client status
1684742034367.png
FusionPBX version: 5.0.1 (https://github.com/fusionpbx/fusionpbx/compare/7d82b82089fa7a635ba1cd0ce42e908d7e96fa2d...master)
FreeSwitch version: 1.10.9 (this version also upgraded from 1.10.7 to 1.10.9

Anyone an idea in what direction I should look? Any reason why this IP (if you look it up it marked as abusive) isn't getting blocked?
We're not up 2 date with the master, we update once a year (in June) and I've noticed a switch from Fail2ban to Event Guard.

Thanks!
 

FunkStar

Member
Jun 16, 2017
33
1
8
Update:

Found the issue, calls where incoming from port 5080 (unauthenticated), few months ago we got a list from our SIP provider to whitelist port 1025 to 65535 (purpose "media"). But the protocol was "RTP" and our firewall only had TCP or UDP.

Adjusted our firewall and calls stopped.
 

hfoster

Active Member
Jan 28, 2019
674
80
28
34
Normally a SIP Provider will be able to give you a list or prefix of IP addresses to whitelist, instead of opening it up to the entire internet.
 
Status
Not open for further replies.