ENH: add filter freeswitch - as raised on mailing list

ChangeLog

@@ -53,6 +53,8 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
   - Add filter for apache-modsecurity
   - filter.d/nsd.conf -- also amended Unix date template to match nsd format
   - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
+  - Added filter for freeswitch. Thanks Jim and editors and authors of 
+    http://wiki.freeswitch.org/wiki/Fail2ban
 
 - Enhancements:
   - loglines now also report "[PID]" after the name portion

config/filter.d/freeswitch.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+#
+# In freeswitch configuration: <param name="log-auth-failures" value="true"/>
+#
+
+[Definition]
+
+failregex = ^\.\d+ \[WARNING\] sofia_reg.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
+
+ignoreregex =
+
+# Author: Rupa SChomaker, soapee01, Daniel Black
+# http://wiki.freeswitch.org/wiki/Fail2ban
+#

config/jail.conf

@@ -382,6 +382,18 @@ action   = iptables-multiport[name=asterisk-tcp, port="5060,5061", protocol=tcp]
 logpath  = /var/log/asterisk/messages
 maxretry = 10
 
+
+[freeswitch]
+
+enabled  = false
+port     = 5060,5061,5080,5081
+filter   = freeswitch
+logpath  = /var/log/freeswitch.log
+maxretry = 10
+action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+           iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
+
+
 #  Historical support (before https://github.com/fail2ban/fail2ban/issues/37 was fixed )
 #  use [asterisk] for new jails
 [asterisk-tcp]

testcases/files/logs/freeswitch

@@ -0,0 +1,2 @@
+# failJSON: { "time": "2013-12-31T17:39:54", "match": true, "host": "81.94.202.251" }
+2013-12-31 17:39:54.767815 [WARNING] sofia_reg.c:1533 SIP auth challenge (INVITE) on sofia profile 'internal' for [011448708752617@192.168.2.51] from ip 81.94.202.251