[asterisk-users] asterisk and fail2ban
Roderick A. Anderson
raanders at cyber-office.net
Thu Mar 31 14:05:38 CDT 2011
Gordon Henderson wrote:
> On Wed, 30 Mar 2011, Terry Brummell wrote:
>
>> Yah, sounds simple, how do you set it up to do this? Fail2Ban was
>> pretty easy, if it's that easy, why was F2B even created?
>
> It's easy for me because I read an undestand how things work, and deal
> with Linux firewalling in a daily basis. Fail2ban is an (almost) drop-in
> solution which requires minimal thinking - just a few lines in a config
> file to edit. (and python which I don't have installed on my systems)
And in case you missed Gordon's post (quite awhile ago) on this topic
this is what I use on CentOS 5 systems based on that:
#+# 20100917raa - Testing to prevent Asterisk registration attacks
-N AST_WHITELIST
-A AST_WHITELIST -s 10.10.3.21 -m recent --remove --name ASTERISK -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW
-m recent --set --name ASTERISK
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW
-j AST_WHITELIST
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW
-m recent --update --seconds 60 --hitcount 4 --rttl --name ASTERISK -j DROP
You can have multiple lines whitelisting IPs or ranges and set the
--hitcount and --update to what ever works for you. I don't get many
attacks. YMMV.
Rod
--
More information about the asterisk-users
mailing list