2014-01-03 02:00:37 +00:00
# Fail2Ban configuration file
#
2014-01-04 01:39:48 +00:00
# Enable "log-auth-failures" on each Sofia profile to monitor
# <param name="log-auth-failures" value="true"/>
# -- this requires a high enough loglevel on your logs to save these messages.
2014-01-03 02:00:37 +00:00
#
2014-01-03 21:31:42 +00:00
# In the fail2ban jail.local file for this filter set ignoreip to the internal
# IP addresses on your LAN.
#
2014-01-03 02:00:37 +00:00
[Definition]
2014-01-03 21:21:22 +00:00
failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>$
^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from <HOST>$
2014-01-03 02:00:37 +00:00
ignoreregex =
# Author: Rupa SChomaker, soapee01, Daniel Black
# http://wiki.freeswitch.org/wiki/Fail2ban
2014-01-03 21:21:22 +00:00
# Thanks to Jim on mailing list of samples and guidance
2014-01-03 02:00:37 +00:00
#
2014-01-04 01:10:51 +00:00
# No need to match the following. Its a duplicate of the SIP auth regex.
# ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP <HOST> Rejected by acl "\S+"\. Falling back to Digest auth\.$
