Deploying Fail2Ban with Docker to block malicious FreeSwitch requests

Create a new docker-compose.yml

---
services:
  fail2ban:
    image: docker.1ms.run/crazymax/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Shanghai
      - VERBOSITY=-vv
    volumes:
      - ./data:/data
      - /var/log:/var/log:ro
      - /root/freeswitch/log:/remotelogs/app:ro

/root/freeswitch/log corresponds to the actual log directory. If FreeSwitch itself is deployed with Docker, map its log directory to a local directory first.

Edit data/filter.d/freeswitch.conf

[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia.c:\d+ IP <HOST> Rejected by acl
            \[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>

Edit data/jail.d/freeswitch.conf

[freeswitch]
enabled = true
filter = freeswitch
findtime = 300
bantime = 259200
action   = %(banaction_allports)s[name=%(__name__)s-tcp, protocol="tcp", chain="%(chain)s", actname=%(banaction_allports)s-tcp]
           %(banaction_allports)s[name=%(__name__)s-udp, protocol="udp", chain="%(chain)s", actname=%(banaction_allports)s-udp]
maxretry = 1
logpath = /remotelogs/app/freeswitch.log
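Before pointing the jail at a live log, it is worth checking that the four failregex lines actually extract the right host. The normal tool for that is fail2ban-regex inside the container; the script below is an added, self-contained stand-in (not part of the original post or of fail2ban) that expands <HOST> to a simplified IPv4-only pattern and runs the filter's own regexes over constructed sample FreeSwitch log lines.

```python
import re
from collections import Counter

# The failregex lines from data/filter.d/freeswitch.conf, copied verbatim.
FAILREGEX = [
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>",
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>",
    r"\[WARNING\] sofia.c:\d+ IP <HOST> Rejected by acl",
    r"\[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>",
]

# fail2ban expands <HOST> to a full host pattern (IPv4, IPv6, DNS names).
# Assumption for this check: IPv4 only, which is what FreeSwitch logs here.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    "2024-01-01 12:00:00.000000 [WARNING] sofia_reg.c:3201 SIP auth failure (REGISTER) on sofia profile 'internal' for [1001@10.0.0.1] from ip 192.0.2.10",
    "2024-01-01 12:00:01.000000 [WARNING] sofia.c:9811 IP 198.51.100.7 Rejected by acl \"domains\"",
    "2024-01-01 12:00:02.000000 [WARNING] sofia_reg.c:2931 Can't find user [admin@10.0.0.1] from 203.0.113.5",
    "2024-01-01 12:00:03.000000 [NOTICE] switch_channel.c:1142 New Channel sofia/internal/1001@10.0.0.1",
    "2024-01-01 12:00:04.000000 [WARNING] sofia_reg.c:3201 SIP auth failure (INVITE) on sofia profile 'external' for [2000@10.0.0.1] from ip 192.0.2.10",
]


def compile_filters(patterns=FAILREGEX):
    """Substitute <HOST> and compile each failregex, as fail2ban does."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]


def offending_hosts(lines, patterns=FAILREGEX):
    """Return the host extracted from every line that matches a failregex, in log order."""
    compiled = compile_filters(patterns)
    hosts = []
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hosts.append(m.group("host"))
                break  # first matching failregex wins, like fail2ban
    return hosts


def ban_candidates(lines, maxretry=1, patterns=FAILREGEX):
    """Hosts whose match count reaches maxretry (findtime is ignored in this check)."""
    counts = Counter(offending_hosts(lines, patterns))
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for host in offending_hosts(SAMPLE_LOG):
        print("match:", host)
    print("would ban with maxretry=1:", ban_candidates(SAMPLE_LOG, maxretry=1))
```

The benign NOTICE line must not produce a host; if it does, the filter is too loose and legitimate peers would be banned on all ports.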

The current status can be checked with fail2ban-client status freeswitch

Note: the ban covers all ports, so be careful when testing against the local machine, since SSH will be cut off at the same time.
Restart after changing the configuration files.
