Asterisk 20.7 fail2ban ubuntu 22.04

Because this doesn’t work, I will detail the entire configuration, but asterisk 20.7 ubuntu 22.04

asterisk register
security.log => security
console => warning, warning, error
messages.log => warning, warning, error

#fail2ban configuration
/etc/fail2ban/jail.local
[asterisk]
backend=systemd
enabled = true
#logpath = /var/log/asterisk/security.log
filter = asterisk filter
logpath = /var/log/asterisk/security
##action = iptables-allports[name=ASTERISK, protocol=all]
#action = iptables-allports[name=ASTERISK-security, protocol=all]
action = %(banaction)s[name=%(name)s-tcp, port=“%(port)s”, protocol=“tcp”, chain=“%(chain)s”, actname=%(banaction) s-tcp]
%(banaction)s[name=%(name)s-udp, port=“%(port)s”, protocol=“udp”, chain=“%(chain)s”, actname=%(banaction)s- udp]
%(mta)s-whois[name=%(name)s, dest=“%(destemail)s”]
ban = ufw
maximum attempt = 5
ban time = 60
ignoreip = 127.0.0.1/8

ufw configuration

ufw status
Status: active

For the action of

5060.5061/tcp ALLOW anywhere
5060/udp ALLOW anywhere
10000:20000/udp ALLOW anywhere

fail2ban status

    fail2ban client status asterisk

Arrest status: asterisk
|- Filter
| |- Currently failed: 0
| |- Total failures: 0
| - Journal matches: _SYSTEMD_UNIT=asterisk.service - Actions
|- Currently banned: 0
|- Total banned: 0
`- List of banned IPs:

Usually, the most common known issues with Fail2ban on Asterisk servers include:

1. Missing or unspecified Asterisk security logs in the Fail2ban rule.
2. Firewall engine not properly functioning, such as firewalld, iptables, or ufw.
3. Misconfiguration in the Fail2ban Asterisk jail rule.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.