Page tree
Skip to end of metadata
Go to start of metadata

Introduction

By default, the PBX will put the IP address of the device on the Blacklist when 4 wrong attempts are made within 6 hours. They are then blocked for 24 hours.

 

Here is explained how to remove an IP address from the Blacklist when auto-banned by Fail2Ban.

Open Tx40 web-interface

    • In the web-interface of the T640/T440 go to: Administration - System status - Diagnostics - Intrusion detection

Open SSH console

    • Type : iptables -L -n

Using this command you can find which IP address is banned and why. Note the IP address you want to unban.

    • Type : fail2ban-client status


Now you know in which jail the IP Address is inserted and then unban it using : fail2ban-client set [jail-name] unbanip [IP address]

There is no more IP Address in jail.

 

We can see it in Web interface.

 

How to change the 4 attempts to higher value.

  • Open SSH console.
  • edit the asterisk.conf file "nano /etc/fail2ban/jail.d/asterisk.conf"

    asterisk.con

    [asterisk-iptables]
    enabled = true
    backend = auto
    filter = asterisk
    action = iptables-allports[name=ASTERISK, protocol=all]
    logpath = /var/log/voip.log
    # if more than 4 attempts are made within 6 hours, ban for 24 hours
    maxretry = 4
    findtime = 21600
    bantime = 86400

  • Change the maxretry to other value. The higher the value, the more insecure it get's.