I have gotten around the fail2ban and CPU issue by (other user’s solution, thank you @toxicfusion) putting a script in to truncate the fail2ban logs. However, I still see password guessing attacks. The GeoFirewall is lovely, but could I also configure a rule in iptables to reject connections that are hitting myself server via the IP and not the FQDN? I thought of this after reading this blog post.
So this has worked well for allowing registrations only from UACs that are registering via the FQDN of the PBX I put into the SIP settings of the phone, but I use the IP address in my Telnyx configuration profile (not the FQDN, and without credentials). Would whitelisting the signaling domain and IP sip.telnyx.com (220.127.116.11) fix this? Or would my only choice be to change my Telnyx configurations to use the FQDN as well?