Rev 5 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban configuration file## Enable "log-auth-failures" on each Sofia profile to monitor# <param name="log-auth-failures" value="true"/># -- this requires a high enough loglevel on your logs to save these messages.## In the fail2ban jail.local file for this filter set ignoreip to the internal# IP addresses on your LAN.#[Definition]failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$ignoreregex =# Author: Rupa SChomaker, soapee01, Daniel Black# https://freeswitch.org/confluence/display/FREESWITCH/Fail2Ban# Thanks to Jim on mailing list of samples and guidance## No need to match the following. Its a duplicate of the SIP auth regex.# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$