<p>Hi Matt,</p>
<p>What eaxtly you mean by Fail2ban crapping out? I never had any problem with it, and for me it is not only protecting asterisk, but also multiple websites for wrong logging attempts, spams and SQL injections. Based on your experience I would like to see if I need to be careful with its settings, just in case if it could fail at any wrong time.</p>
<p>Zeeshan A Zakaria</p>
<p>--<br>
<a href="http://www.ilovetovoip.com">www.ilovetovoip.com</a></p>
<p><blockquote type="cite">On 2010-07-02 12:29 PM, "Matt Desbiens" <<a href="mailto:desbiensm@gmail.com">desbiensm@gmail.com</a>> wrote:<br><br>I've noticed from time to time, that fail2ban just craps out, so, this might be of interest to the community assuming you use <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> on your network<br>
<br>
<p class="MsoNormal">iptables -A INPUT -s <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> -j ACCEPT <br></p>
<p class="MsoNormal">iptables -A INPUT -s carrierip.x.x.x -j ACCEPT</p>
<p class="MsoNormal"></p>iptables -A INPUT -s 127.0.0.1 -j ACCEPT
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p udp -m udp -s carrierip.x.x.x
--destination-port 5060 -j ACCEPT</p><p class="MsoNormal">iptables -A INPUT -p udp -m udp -s carrierip.x.x.x
--destination-port 10000:20000 -j ACCEPT</p><p class="MsoNormal">iptables -A INPUT -p udp -m udp --destination-port 5060 -j
DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p udp -m udp --destination-port
10000:20000 -j DROP</p><p class="MsoNormal">iptables -A INPUT -p udp -m udp --destination-port 4000:4999
-j DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p udp -m udp --destination-port 4569 -j
DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p tcp -m tcp --destination-port 5038 -j
DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p tcp -m tcp --destination-port 22 -j
DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -p udp -m udp --destination-port 22 -j
DROP</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A OUTPUT -o eth0 -p all -j ACCEPT</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A OUTPUT -o eth1 -p all -j ACCEPT</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -i eth0 -p all -j ACCEPT</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -A INPUT -i eth1 -p all -j ACCEPT</p>
<p class="MsoNormal"></p><p class="MsoNormal">iptables -P INPUT DROP</p>
<br><br><div class="gmail_quote">2010/7/2 Jonathan González <span dir="ltr"><<a href="mailto:jonathan.gsc@gmail.com" target="_blank">jonathan.gsc@gmail.com</a>></span><p><font color="#500050"><br>><br>> Same activity from these IPs:<br>
> 174.129.137.135<br>> 89.35.123.12<br>> 209.20.66.234<br>> 184.73.30.42<br>>...</font></p></div><font color="#888888"><br><br clear="all"><br>-- <br>Matthew Desbiens<br>//* EOF *//<br>
</font><br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></p>