fail2ban and iptables FQDN rule

VitalPBX Community Support General Discussion fail2ban and iptables FQDN rule

  • Post
    kbohannon
    Participant

    I have gotten around the fail2ban and CPU issue by (other user’s solution, thank you @toxicfusion) putting a script in to truncate the fail2ban logs. However, I still see password guessing attacks.  The GeoFirewall is lovely, but could I also configure a rule in iptables to reject connections that are hitting myself server via the IP and not the FQDN? I thought of this after reading this blog post.

    0
Viewing 3 replies - 1 through 3 (of 3 total)
  • Replies
    Up
    0
    Down

    You may use the command “fail2ban-clean-db” to truncate fail2ban logs. 

    For better security, you may configure the following security parameters on SIP Settings module (Check the picture attached).

    0
    kbohannon
    Participant
    Up
    0
    Down

    @ing-joserivera26

    So this has worked well for allowing registrations only from UACs that are registering via the FQDN of the PBX I put into the SIP settings of the phone, but I use the IP address in my Telnyx configuration profile (not the FQDN, and without credentials). Would whitelisting the signaling domain and IP sip.telnyx.com (192.76.120.10) fix this? Or would my only choice be to change my Telnyx configurations to use the FQDN as well?

    0
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘fail2ban and iptables FQDN rule’ is closed to new replies.