Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-15069

ignoreip on jail.local has more IPs that those listed on System Admin Whitelist

    XMLWordPrintable

    Details

    • ToDo:
    • Asterisk Version:
      11.24.1
    • Distro Version:
      10.13.66-20
    • Distro:
      FreePBX Distro

      Description

      ignoreip on /etc/fail2ban/jail.local has more IPs listed than those listed on Whitelist section of System Admin module.

      The main issue is that there is a "peer" entry that is causing warnings on fail2ban.log, but also all the interfaces' IPs and 127.0.0.1  are listed on ignoreip, even though only 127.0.0.1 is specified on Whitelist section of the System Admin module.

       

       

      This is the ignoreip on jail.local (external IP obscured for privacy)

      [DEFAULT]
      ignoreip = 127.0.0.1 192.168.10.4 190.11.xxx.xxx 190.11.xxx.xxx peer 190.11.xxx.xxx
      bantime = 1800
      findtime = 600
      maxretry = 8
      backend = auto

       

      First and second 190.11.xxx.xxx is the external IP which is repeated two times, third 190.11.xxx.xxx is the IP of the external gateway. None of those IPs are specified on whitelist section of System Admin module. The word peer is the one causing the following warning messages on fail2ban.log

       

      This is the warning message on fail2ban.log, which appears repeatedly:

      2017-06-12 19:21:13,404 fail2ban.filter [15712]: WARNING Unable to find a corresponding IP address for peer: [Errno -2] Name or service not known
      2017-06-12 19:21:13,453 fail2ban.filter [15712]: WARNING Unable to find a corresponding IP address for peer: [Errno -2] Name or service not known
      2017-06-12 19:21:13,520 fail2ban.filter [15712]: WARNING Unable to find a corresponding IP address for peer: [Errno -2] Name or service not known
      2017-06-12 19:21:13,565 fail2ban.filter [15712]: WARNING Unable to find a corresponding IP address for peer: [Errno -2] Name or service not known

       

      I guess the culprit of the warning message is the "peer" entry on ignoreip. Beside that, I don't understand why are all my interfaces' IPs and gateway IP listed on ignoreip, being that only 127.0.0.1 is specified on Whitelist section.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                jphilip Philip Joseph
                Reporter:
                arielgrin arielgrin
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.