Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-22786

Intrusion Detection Sync Firewall not adding Trusted IPs to fail2ban ignorelist

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 13, 14, 15
    • Fix Version/s: None
    • Labels:
      None
    • Bug Tracker:
      Customer Issue
    • ToDo:
    • Asterisk Version:
      Asterisk 16.19.0
    • Distro Version:
      Sangoma Linux release 7.8.2003 (Core)
    • Distro:
      FreePBX Distro

      Description

      Firewall Trusted zone is not syncing to fail2ban ignoreip.

      sysadmin: 15.0.21.79
      firewall: 15.0.19

      [kris@freepbx ~]$ sudo fwconsole firewall list trusted
      All entries in zone 'trusted':
      192.168.122.1/32
      192.168.122.0/24
      45.248.124.0/24
      45.248.125.0/24
      45.248.126.0/23
      66.255.204.0/22
      104.167.246.0/24
      137.220.4.0/24
      137.220.5.0/24
      137.220.6.0/23
      137.83.48.0/24
      137.83.49.0/24
      141.193.12.0/24
      141.193.13.0/24
      147.189.212.0/23
      148.59.180.0/24
      148.59.181.0/24
      148.59.198.0/24
      148.59.199.0/24
      148.59.204.0/24
      148.59.205.0/24
      148.59.218.0/24
      148.59.219.0/24
      148.59.46.0/24
      161.38.24.0/21
      162.223.100.0/24
      162.223.101.0/24
      162.223.102.0/24
      162.223.103.0/24
      163.47.79.0/24
      168.245.198.0/24
      168.245.199.0/24
      170.199.236.0/24
      170.199.237.0/24
      170.199.244.0/24
      170.199.245.0/24
      170.39.6.0/24
      174.34.232.0/24
      192.211.47.0/24
      192.30.52.0/24
      192.81.164.0/24
      192.81.165.0/24
      199.10.84.0/24
      199.192.104.0/24
      199.192.105.0/24
      199.192.106.0/24
      199.192.107.0/24
      199.233.15.0/24
      199.247.48.0/24
      204.209.176.0/24
      204.209.177.0/24
      207.53.236.0/23
      207.53.238.0/24
      207.53.239.0/24
      208.101.232.0/24
      208.101.233.0/24
      208.103.159.0/24
      209.59.248.0/24
      216.120.176.0/24
      216.120.177.0/24
      [kris@freepbx ~]$ sudo fwconsole firewall sync
      Syncing....
      [kris@freepbx ~]$ sudo systemctl restart fail2ban
      [kris@freepbx ~]$ sudo fail2ban-client get asterisk-iptables ignoreip
      These IP addresses/networks are ignored:

      • 127.0.0.1
      • 216.120.177.0/24
      • 192.168.122.65
        `- 192.168.119.133
        [kris@freepbx ~]$ sudo fail2ban-client get pbx-gui ignoreip
        These IP addresses/networks are ignored:
      • 127.0.0.1
      • 216.120.177.0/24
      • 192.168.122.65
        `- 192.168.119.133
        [kris@freepbx ~]$ echo "select * from sysadmin_options where \`key\` = 'fail2ban_whitelist';"
      sudo fwconsole m -q
      key value
      fail2ban_whitelist 127.0.0.1\n216.120.177.0/24
      [kris@freepbx ~]$

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                krishammer The Hammer
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.