Hi there-
We are running Asterisk 11 and are searching for a better and less labor intensive method of banning the IP addresses of robocallers, as we get a bunch of them… over 15 or 20 a day.
Since any call sent to our PBX comes from our carrier IP’s, we are determining the IP address of the robocaller by running a packet capture and looking at the RTP stream to grab the IP address of the caller. Then we are taking this IP address and banning the IP address with IP tables.
Is there a better way to do this? I was told this can be done with Fail2Ban somehow but I’m really not ensure what would be entailed by going that route.
Thank you!
I made something similar a few years a go
[default]
exten => _X.,1,Noop(Dead calls rising)
exten => _X.,n,Set(uri=${CHANNEL(peerip)})
exten => _X.,n,Verbose(3,Unknown call from ${uri} to ${EXTEN})
exten => _X.,n,System(/root/block.sh ${uri})
Use this line if you dont want to use any script
same=>n,System(/sbin/iptables -A INPUT -s ${CHANNEL(peerip)} -j DROP)
Thank you for your reply! Can you give me a little more context of your solution? Where are you inputting this code into? What exactly does it do?
If we aren’t using a script then the code would be this?
[default]
exten => _X.,1,Noop(Dead calls rising)
exten => _X.,n,Set(uri=${CHANNEL(peerip)})
exten => _X.,n,Verbose(3,Unknown call from ${uri} to ${EXTEN})
same=>n,System(/sbin/iptables -A INPUT -s ${CHANNEL(peerip)} -j DROP
extensions.conf but this will block any thing that land on this context, so you will have to input some kind of conditional if you want to white list some IP,