ubuntu 20.04

freeswitch 1.10.5

fail2ban 0.11.1 https://github.com/fail2ban/fail2ban

1. First, make FreeSWITCH write SIP authentication failures to its log; without these lines fail2ban has nothing to match.

Edit /usr/local/freeswitch/conf/sip_profiles/internal.xml and add the following parameter inside the profile's <settings> block:

<param name="log-auth-failures" value="true"/>


Edit /usr/local/freeswitch/conf/autoload_configs/switch.conf.xml and set:

<param name="threaded-system-exec" value="true"/>

Save and restart FreeSWITCH. Note that reloadxml alone only re-reads the XML into memory; a changed sofia profile parameter takes effect when that profile is restarted (sofia profile internal restart from fs_cli) or FreeSWITCH itself is restarted. Afterwards, failed registrations should show up in the log as "SIP auth failure ... from ip <address>" lines.

2. Install fail2ban. If an earlier installation exists but is broken, remove it first.

If it was installed with apt-get: sudo apt-get remove fail2ban

If it was installed from source, stop the running fail2ban processes first, then delete these files by hand:

/usr/bin/fail2ban-*
/usr/local/bin/fail2ban-*
/usr/lib/python*/*/fail2ban
/usr/local/lib/python*/*/fail2ban (e.g. /usr/local/lib/python2.7/dist-packages/fail2ban/)
/etc/fail2ban

Then reinstall: apt-get install fail2ban

Check that /etc/fail2ban contains the configuration files. If it is empty, copy in the files from the config directory of the GitHub repository (take them from the tag matching the installed version, otherwise filters may reference options the daemon does not know).

Start it: systemctl start fail2ban

Check the status: systemctl status fail2ban

3. Configuration

Edit /etc/fail2ban/jail.local. If the file does not exist, copy jail.conf to jail.local and edit the copy; jail.conf itself is overwritten on package upgrades, so local changes belong in jail.local.

Search for the freeswitch section, fill in the SIP ports you actually use, and change the log path to /usr/local/freeswitch/log/freeswitch.log (the default in jail.conf assumes a packaged FreeSWITCH, not a source build under /usr/local).

Then save.

Create a new file /etc/fail2ban/jail.d/freeswitch.local. Files in jail.d/ are read after jail.local, so the settings here take precedence. Its content:

[freeswitch]
enabled = true

maxretry = 4 ; ban on the 4th logged auth failure within findtime
findtime = 3600 ; one-hour window, based on empirical testing
bantime = 259200 ; ban for 3 days (long enough to pick up repeat offenders)

# Ban on every SIP port the profiles listen on. Trim this list to the
# ports that are really reachable from the outside.
port = 5060,5061,5080,5081,7060

# We do not want mail, so set the action explicitly to the firewall ban
# action only, once for TCP and once for UDP (SIP uses both).
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]

# The FreeSWITCH log. With log-auth-failures enabled it contains the
# "from ip <host>" string that the freeswitch filter extracts the address from.
logpath = /usr/local/freeswitch/log/freeswitch.log

Save, then reload the configuration:

fail2ban-client reload

If that fails with a Python error (typically a broken interpreter line left over from a mixed source/package install), try running the client with python3 explicitly, giving the full path to the script if it is not in the current directory:

python3 fail2ban-client reload

python3 fail2ban-client status freeswitch  # show the freeswitch jail: matched log lines and the IPs currently banned

python3 fail2ban-client set freeswitch unbanip 1.2.3.4  # lift the ban on 1.2.3.4 in the freeswitch jail
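The jail settings above decide when a host is banned: it has to produce maxretry matching log lines whose timestamps fall within the last findtime seconds, and it then stays blocked for bantime. The Python script below is an added example, not part of these notes or of fail2ban, that replays that counting rule over a constructed excerpt of freeswitch.log so the effect of each setting can be checked before touching the live jail. The regex is an approximation of the pattern in fail2ban's filter.d/freeswitch.conf, the log lines are made up, and the script is not a replacement for running fail2ban-regex against the real log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern modelled on fail2ban's filter.d/freeswitch.conf (an approximation,
# not the shipped filter). Only "SIP auth failure" lines count: "SIP auth
# challenge" lines are deliberately not matched, because every legitimate
# client triggers one 401 challenge before it authenticates.
FAILREGEX = re.compile(
    r"^(?:[0-9a-f-]{36} )?"                               # optional session UUID prefix
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ "   # timestamp, microseconds dropped
    r"\[WARNING\] sofia_reg\.c:\d+ SIP auth failure "
    r"\((?P<method>REGISTER|INVITE)\) on sofia profile '(?P<profile>[^']+)' "
    r"for \[(?P<user>[^\]]*)\] from ip (?P<host>\S+)$"
)

# Constructed excerpt of /usr/local/freeswitch/log/freeswitch.log with
# log-auth-failures enabled. Addresses and timestamps are invented.
SAMPLE_LOG = """\
2021-03-01 09:00:00.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 192.0.2.9
2021-03-01 09:45:00.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 192.0.2.9
2021-03-01 10:00:01.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 203.0.113.5
2021-03-01 10:00:02.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1002@10.0.0.2] from ip 203.0.113.5
2021-03-01 10:00:03.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1003@10.0.0.2] from ip 203.0.113.5
2021-03-01 10:00:04.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (INVITE) on sofia profile 'internal' for [1004@10.0.0.2] from ip 203.0.113.5
2021-03-01 10:00:05.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1005@10.0.0.2] from ip 203.0.113.5
2021-03-01 10:05:00.000001 [WARNING] sofia_reg.c:1801 SIP auth challenge (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 198.51.100.7
2021-03-01 10:05:01.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 198.51.100.7
2021-03-01 10:05:02.000001 [NOTICE] sofia_reg.c:1500 Regular registration for [1001@10.0.0.2] from ip 10.0.0.50
2021-03-01 10:30:00.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 192.0.2.9
2021-03-01 11:15:00.000001 [WARNING] sofia_reg.c:1842 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.2] from ip 192.0.2.9
"""


def parse_failures(lines):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in lines:
        m = FAILREGEX.search(line.rstrip())
        if m:
            yield datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("host")


def simulate_jail(lines, maxretry=4, findtime=3600, bantime=259200):
    """Replay log lines with fail2ban's counting rule.

    A host is banned the moment it accumulates `maxretry` matches whose
    timestamps lie within the last `findtime` seconds (a sliding window).
    Matches arriving while the ban is in force are ignored.
    Returns {host: time the ban was issued}.
    """
    window = timedelta(seconds=findtime)
    ban_len = timedelta(seconds=bantime)
    recent = defaultdict(deque)  # host -> timestamps of failures still inside findtime
    bans = {}                    # host -> time the ban was issued
    for ts, host in parse_failures(lines):
        if host in bans and ts < bans[host] + ban_len:
            continue                      # already banned, the firewall drops this traffic
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:         # expire failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans[host] = ts
            q.clear()
    return bans


def banned_hosts(log_text=SAMPLE_LOG, **jail):
    """Sorted list of hosts the given jail settings would ban on the log text."""
    return sorted(simulate_jail(log_text.splitlines(), **jail))


if __name__ == "__main__":
    for host, when in sorted(simulate_jail(SAMPLE_LOG.splitlines()).items()):
        print(f"ban {host} at {when:%H:%M:%S}")
```

With the values from freeswitch.local only 203.0.113.5 is banned, at its fourth failure (10:00:04); the fifth line from that host is ignored because the ban is already in force. 192.0.2.9 spreads four failures over more than an hour and never has four inside the 3600-second window, and 198.51.100.7 produced one challenge and one failure, which is what a mistyped password looks like. Raising findtime to four hours catches the slow scanner as well; that is the trade-off the findtime and maxretry values encode, and this replay is a cheap way to see it before changing the live jail.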