37 lines
1.3 KiB
Plaintext
37 lines
1.3 KiB
Plaintext
# Fail2Ban configuration file
|
|
#
|
|
# Enable "log-auth-failures" on each Sofia profile to monitor
|
|
# <param name="log-auth-failures" value="true"/>
|
|
# -- this requires a high enough loglevel on your logs to save these messages.
|
|
#
|
|
# In the fail2ban jail.local file for this filter set ignoreip to the internal
|
|
# IP addresses on your LAN.
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# common.local
|
|
before = common.conf
|
|
|
|
[Definition]
|
|
|
|
_daemon = freeswitch
|
|
|
|
# Prefix contains common prefix line (server, daemon, etc.) and 2 datetimes if used systemd backend
|
|
_pref_line = ^%(__prefix_line)s(?:\d+-\d+-\d+ \d+:\d+:\d+\.\d+)?
|
|
|
|
failregex = %(_pref_line)s \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[[^\]]*\] from ip <HOST>$
|
|
%(_pref_line)s \[WARNING\] sofia_reg\.c:\d+ Can't find user \[[^@]+@[^\]]+\] from <HOST>$
|
|
|
|
ignoreregex =
|
|
|
|
datepattern = {^LN-BEG}
|
|
|
|
# Author: Rupa SChomaker, soapee01, Daniel Black
|
|
# https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban
|
|
# Thanks to Jim on mailing list of samples and guidance
|
|
#
|
|
# No need to match the following. Its a duplicate of the SIP auth regex.
|
|
# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
|