Deploying Fail2Ban with Docker to Block Malicious FreeSWITCH Requests

Create docker-compose.yml

---
services:
  fail2ban:
    image: docker.1ms.run/crazymax/fail2ban:latest
    container_name: fail2ban
    cap_add:
      - NET_ADMIN
      - NET_RAW
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Shanghai
      - VERBOSITY=-vv
    volumes:
      - ./data:/data
      - /var/log:/var/log:ro
      - /root/freeswitch/log:/remotelogs/app:ro

/root/freeswitch/log is the actual log directory on the host. If FreeSWITCH itself is deployed with Docker, map its log directory to a local directory first.

Edit data/filter.d/freeswitch.conf

[Definition]
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

Edit data/jail.d/freeswitch.conf

[freeswitch]
enabled = true
filter = freeswitch
findtime = 300
bantime = 1h
action   = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
maxretry = 3
logpath = /remotelogs/app/freeswitch.log

Three failures within 300 seconds (findtime) ban the IP for one hour.
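
The filter and jail thresholds can be checked offline before relying on them. The following is an added example, not part of the original post: it runs the two failregex patterns over constructed log lines using a simplified sliding-window model of findtime and maxretry. The IPv4-only `HOST` pattern, the sample lines and the `would_ban` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The two failregex lines from data/filter.d/freeswitch.conf, unchanged.
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>",
    r"\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>",
)]
FINDTIME = timedelta(seconds=300)  # findtime in the jail
MAXRETRY = 3                       # maxretry in the jail

# Constructed log lines; all addresses are from documentation ranges.
P = "on sofia profile 'internal' for [1001@192.0.2.10] from ip"
SAMPLE_LOG = f"""\
2024-05-01 10:00:01.000000 [WARNING] sofia_reg.c:1842 SIP auth challenge (REGISTER) {P} 192.0.2.55
2024-05-01 10:00:05.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (REGISTER) {P} 203.0.113.7
2024-05-01 10:00:20.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (INVITE) {P} 203.0.113.7
2024-05-01 10:00:40.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (REGISTER) {P} 203.0.113.7
2024-05-01 10:01:00.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (REGISTER) {P} 198.51.100.20
2024-05-01 10:07:00.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (REGISTER) {P} 198.51.100.20
2024-05-01 10:13:00.000000 [WARNING] sofia_reg.c:3210 SIP auth failure (REGISTER) {P} 198.51.100.20
"""

def would_ban(log_text):
    """Return IPs that reach MAXRETRY matching lines within FINDTIME."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = []
    for line in log_text.splitlines():
        hit = next(filter(None, (rx.search(line) for rx in FAILREGEX)), None)
        if hit is None:
            continue  # e.g. "SIP auth challenge" lines are not failures
        ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        ip = hit.group("host")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # drop failures older than findtime
            window.popleft()
        if len(window) >= MAXRETRY and ip not in banned:
            banned.append(ip)
    return banned

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG))
```

Only the address with three failures inside the 300-second window is reported; the address whose failures are six minutes apart never accumulates enough hits. For the authoritative match against the real log, use fail2ban's own `fail2ban-regex` tool.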
