[asterisk-users] asterisk and fail2ban

Roderick A. Anderson raanders at cyber-office.net
Thu Mar 31 14:05:38 CDT 2011


Gordon Henderson wrote:
> On Wed, 30 Mar 2011, Terry Brummell wrote:
> 
>> Yah, sounds simple, how do you set it up to do this?  Fail2Ban was
>> pretty easy, if it's that easy, why was F2B even created?
> 
> It's easy for me because I read and understand how things work, and deal 
> with Linux firewalling on a daily basis. Fail2ban is an (almost) drop-in 
> solution which requires minimal thinking - just a few lines in a config 
> file to edit. (and python which I don't have installed on my systems)

And in case you missed Gordon's post (quite a while ago) on this topic, 
this is what I use on CentOS 5 systems based on that:

#+# 20100917raa - Testing to prevent Asterisk registration attacks
-N AST_WHITELIST
-A AST_WHITELIST -s 10.10.3.21 -m recent --remove --name ASTERISK -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -m recent --set --name ASTERISK
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -j AST_WHITELIST
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name ASTERISK -j DROP

You can have multiple lines whitelisting IPs or ranges and set the 
--hitcount and --update to whatever works for you.  I don't get many 
attacks.  YMMV.


Rod
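
Added example (not part of the original post or of Asterisk/iptables): a small Python model of how the three RH-Firewall-1-INPUT rules above treat NEW packets, run over constructed sample traffic. It assumes every packet is state NEW, ignores --rttl and the kernel's per-entry timestamp cap, and the source 203.0.113.7 and the verdict name CONTINUE are made up for illustration.

```python
from collections import defaultdict

WHITELIST = {"10.10.3.21"}   # source accepted by AST_WHITELIST in the post
SECONDS, HITCOUNT = 60, 4    # --seconds 60 --hitcount 4 from the post

# Constructed sample traffic: (time in seconds, source address).
SAMPLE = [
    (0, "203.0.113.7"), (0, "10.10.3.21"), (1, "10.10.3.21"),
    (2, "10.10.3.21"), (3, "10.10.3.21"), (4, "10.10.3.21"),
    (10, "203.0.113.7"), (20, "203.0.113.7"), (30, "203.0.113.7"),
    (40, "203.0.113.7"), (85, "203.0.113.7"), (300, "203.0.113.7"),
]


def evaluate(packets, whitelist=WHITELIST, seconds=SECONDS, hitcount=HITCOUNT):
    """Walk time-ordered (time, src) packets through the rules; return verdicts."""
    stamps = defaultdict(list)   # models the "ASTERISK" recent list: src -> times
    verdicts = []
    for now, src in packets:
        # Rule 1: --set records the source; it has no target, so traversal continues.
        stamps[src].append(now)
        # Rule 2: AST_WHITELIST removes the entry again and accepts the packet.
        if src in whitelist:
            del stamps[src]
            verdicts.append((now, src, "ACCEPT"))
            continue
        # Rule 3: --update matches when >= hitcount stamps lie inside the window.
        recent = [t for t in stamps[src] if t >= now - seconds]
        if len(recent) >= hitcount:
            stamps[src].append(now)   # a matching --update adds another stamp
            verdicts.append((now, src, "DROP"))
        else:
            # Not matched: the packet goes on to later rules (not shown in the post).
            verdicts.append((now, src, "CONTINUE"))
    return verdicts


if __name__ == "__main__":
    for now, src, verdict in evaluate(SAMPLE):
        print(f"t={now:>3}s  {src:<12}  {verdict}")
```

The packet at t=85 is still dropped although only three packets from that source arrived in the previous 60 seconds: each dropped packet is stamped by both --set and --update, so a source that keeps retrying keeps extending its own block.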