
Summary: ASTERISK-25567: Log IP Addresses for automatic firewalling (e.g. fail2ban)
Reporter: Troy Bowman (troy)
Labels:
Date Opened: 2015-11-16 17:44:43.000-0600
Date Closed: 2015-11-16 19:28:02.000-0600
Priority: Minor
Regression?
Status: Closed/Complete
Components: Channels/chan_sip/Registration
Versions: 13.6.0
Frequency of Occurrence:
Related Issues:
Environment: Linux
Attachments:
Description: Please consider adding IP addresses to registration failures to allow programs like fail2ban to firewall abusers after a certain number of attempts.

I will attach a patch which illustrates the idea when I've been granted the permission to do so.
Comments:

By: Asterisk Team (asteriskteam) 2015-11-16 17:44:45.451-0600

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Michael L. Young (elguero) 2015-11-16 18:51:41.979-0600

Have you enabled the security log?  Check out logger.conf if you have not done so already.

Fail2ban also has a wiki page describing how to set up the security events log to work with fail2ban.

By: Troy Bowman (troy) 2015-11-16 19:19:47.508-0600

The security log does not log bad call attempts, does it?  For example, the patch I wish to give adds the part in parentheses below, which allows me to eventually ban people trying to call through my system:

[Nov 17 01:01:48] NOTICE[3002][C-00000dd5] chan_sip.c: Call from '' (37.75.209.155:10009) to extension '011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:49] NOTICE[3002][C-00000dd6] chan_sip.c: Call from '' (37.75.209.155:10000) to extension '1010288011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:50] NOTICE[3002][C-00000dd7] chan_sip.c: Call from '' (37.75.209.155:10019) to extension '1010333011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:51] NOTICE[3002][C-00000dd8] chan_sip.c: Call from '' (37.75.209.155:10014) to extension '1010555011972597380122' rejected because extension not found in context 'incoming'.
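
The log format quoted in the comment above, run through the kind of per-address threshold check that fail2ban applies, as an added example that is not part of the original thread or the reporter's patch. `LINE_RE`, `offenders`, `SAMPLE_LOG` and the `year` argument are hypothetical names; `maxretry` and `findtime` are named after the fail2ban jail options, and the fifth sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the four lines from the comment above, plus one constructed
# line without the parenthesised address, which must not match.
SAMPLE_LOG = """\
[Nov 17 01:01:48] NOTICE[3002][C-00000dd5] chan_sip.c: Call from '' (37.75.209.155:10009) to extension '011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:49] NOTICE[3002][C-00000dd6] chan_sip.c: Call from '' (37.75.209.155:10000) to extension '1010288011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:50] NOTICE[3002][C-00000dd7] chan_sip.c: Call from '' (37.75.209.155:10019) to extension '1010333011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:51] NOTICE[3002][C-00000dd8] chan_sip.c: Call from '' (37.75.209.155:10014) to extension '1010555011972597380122' rejected because extension not found in context 'incoming'.
[Nov 17 01:01:52] NOTICE[3002][C-00000dd9] chan_sip.c: Call from '' to extension '900' rejected because extension not found in context 'incoming'.
"""

# The caller name and extension are supplied by the remote party, so the
# pattern is anchored at line start instead of searching for any address.
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d)\] NOTICE\[\d+\](?:\[C-[0-9a-f]+\])? "
    r"chan_sip\.c: Call from '[^']*' \((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\) "
    r"to extension '[^']*' rejected because extension not found"
)

def offenders(log_text, maxretry=3, findtime=timedelta(seconds=600), year=2015):
    """Return {ip: hits} for addresses with >= maxretry rejections inside findtime."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # The log timestamp carries no year; 'year' is an assumed value.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits[m["ip"]].append(ts)
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        best, start = 0, 0
        # Sliding window: the most rejections seen in any findtime-long span.
        for end in range(len(times)):
            while times[end] - times[start] > findtime:
                start += 1
            best = max(best, end - start + 1)
        if best >= maxretry:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```
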


By: Troy Bowman (troy) 2015-11-16 19:28:02.464-0600

Oops, I'm sorry for wasting your time.

Thanks for your patience.