Asterisk 20.7 fail2ban ubuntu 22.04

Asterisk Asterisk SIP
1

Because this doesn’t work, I will detail the entire configuration, but asterisk 20.7 ubuntu 22.04

asterisk register
security.log => security
console => warning, warning, error
messages.log => warning, warning, error

#fail2ban configuration
/etc/fail2ban/jail.local
[asterisk]
backend=systemd
enabled = true
#logpath = /var/log/asterisk/security.log
filter = asterisk filter
logpath = /var/log/asterisk/security
##action = iptables-allports[name=ASTERISK, protocol=all]
#action = iptables-allports[name=ASTERISK-security, protocol=all]
action = %(banaction)s[name=%(name)s-tcp, port=“%(port)s”, protocol=“tcp”, chain=“%(chain)s”, actname=%(banaction) s-tcp]
%(banaction)s[name=%(name)s-udp, port=“%(port)s”, protocol=“udp”, chain=“%(chain)s”, actname=%(banaction)s- udp]
%(mta)s-whois[name=%(name)s, dest=“%(destemail)s”]
ban = ufw
maximum attempt = 5
ban time = 60
ignoreip = 127.0.0.1/8

ufw configuration

ufw status
Status: active

For the action of

5060.5061/tcp ALLOW anywhere
5060/udp ALLOW anywhere
10000:20000/udp ALLOW anywhere

fail2ban status

    fail2ban client status asterisk

Arrest status: asterisk
|- Filter
| |- Currently failed: 0
| |- Total failures: 0
| - Journal matches: _SYSTEMD_UNIT=asterisk.service - Actions
|- Currently banned: 0
|- Total banned: 0
`- List of banned IPs:

2

Usually, the most common known issues with Fail2ban on Asterisk servers include:

  1. Missing or unspecified Asterisk security logs in the Fail2ban rule.
  2. Firewall engine not properly functioning, such as firewalld, iptables, or ufw.
  3. Misconfiguration in the Fail2ban Asterisk jail rule.