| 5 |
- |
1 |
# Fail2Ban configuration file
|
|
|
2 |
#
|
|
|
3 |
# Enable "log-auth-failures" on each Sofia profile to monitor
|
|
|
4 |
# <param name="log-auth-failures" value="true"/>
|
|
|
5 |
# -- this requires a high enough loglevel on your logs to save these messages.
|
|
|
6 |
#
|
|
|
7 |
# In the fail2ban jail.local file for this filter set ignoreip to the internal
|
|
|
8 |
# IP addresses on your LAN.
|
|
|
9 |
#
|
|
|
10 |
|
|
|
11 |
[Definition]
|
|
|
12 |
|
|
|
13 |
failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
|
|
|
14 |
^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
|
|
|
15 |
|
|
|
16 |
ignoreregex =
|
|
|
17 |
|
|
|
18 |
# Author: Rupa SChomaker, soapee01, Daniel Black
|
|
|
19 |
# http://wiki.freeswitch.org/wiki/Fail2ban
|
|
|
20 |
# Thanks to Jim on mailing list of samples and guidance
|
|
|
21 |
#
|
|
|
22 |
# No need to match the following. Its a duplicate of the SIP auth regex.
|
|
|
23 |
# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
|