Hi Matt, What eaxtly you mean by Fail2ban crapping out? I never had any problem with it, and for me it is not only protecting asterisk, but also multiple websites for wrong logging attempts, spams and SQL injections. Based on your experience I would like to see if I need to be careful with its settings, just in case if it could fail at any wrong time.
Zeeshan A Zakaria -- www.ilovetovoip.com On 2010-07-02 12:29 PM, "Matt Desbiens" <desbie...@gmail.com> wrote: I've noticed from time to time, that fail2ban just craps out, so, this might be of interest to the community assuming you use 192.168.100.0/24 on your network iptables -A INPUT -s 192.168.100.0/24 -j ACCEPT iptables -A INPUT -s carrierip.x.x.x -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 5060 -j ACCEPT iptables -A INPUT -p udp -m udp -s carrierip.x.x.x --destination-port 10000:20000 -j ACCEPT iptables -A INPUT -p udp -m udp --destination-port 5060 -j DROP iptables -A INPUT -p udp -m udp --destination-port 10000:20000 -j DROP iptables -A INPUT -p udp -m udp --destination-port 4000:4999 -j DROP iptables -A INPUT -p udp -m udp --destination-port 4569 -j DROP iptables -A INPUT -p tcp -m tcp --destination-port 5038 -j DROP iptables -A INPUT -p tcp -m tcp --destination-port 22 -j DROP iptables -A INPUT -p udp -m udp --destination-port 22 -j DROP iptables -A OUTPUT -o eth0 -p all -j ACCEPT iptables -A OUTPUT -o eth1 -p all -j ACCEPT iptables -A INPUT -i eth0 -p all -j ACCEPT iptables -A INPUT -i eth1 -p all -j ACCEPT iptables -P INPUT DROP 2010/7/2 Jonathan González <jonathan....@gmail.com> > > Same activity from these IPs: > 174.129.137.135 > 89.35.123.12 > 209.20.66.234 > 184.73.30.42 >... -- Matthew Desbiens //* EOF *// -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users