How do I block connection attempts for my public IP?

[dv8inpp]

How do I stop these requests and only allow vaild domains to g
verifying acl "domains" for ip/port 45.143.220.209:0.
2020-02-23 23:56:25.027942 [WARNING] sofia_reg.c:1793 SIP auth challenge (INVITE) on sofia profile 'internal' for [700441223931103@xxx.yyy.zzz.aaa] from ip 45.143.220.209

 

[DigitalDaz]

In /etc/fail2ban/jail.local or jail.conf there are some filters for this that are disabled by default. Just enable them and restart fail2ban.

 

[dv8inpp]

I used sip-auth-challenge.conf in the filters folder to filter using these regex. I also adjusted jail.local to enable sip-auth-challenge and set it for a limit of 1.

Do you forsee any issues this might create?


failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(INVITE\) on sofia profile \'\w+\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>
\[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*@\d+.\d+.\d+.\d+\] from ip <HOST>