fail2ban и already banned :: UNIX :: Компьютерный форум Ru.Board

Сегодня заметил неправильный пароль в логе астериска и при проверке вот что вышло:

Цитата:

[root@voip log]# iptables -vnL
...
Chain fail2ban-ASTERISK (1 references)
pkts bytes target prot opt in out source destination
34 19632 DROP all -- * * 185.19.222.218 0.0.0.0/0
8 6308 DROP all -- * * 207.244.67.206 0.0.0.0/0
513 316K DROP all -- * * 188.227.173.34 0.0.0.0/0
46 35409 DROP all -- * * 82.205.1.92 0.0.0.0/0
83 65105 DROP all -- * * 162.210.199.42 0.0.0.0/0
32M 7190M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

[root@voip log]# cat /var/log/asterisk/full | grep 'Wrong password'
[2014-03-04 08:05:14] NOTICE[4579] chan_sip.c: Registration from '"606" <sip:606@91.199.139.67:5060>' failed for '188.227.173.34:5061' - Wrong password
[2014-03-04 08:05:14] NOTICE[4579] chan_sip.c: Registration from '"606" <sip:606@91.199.139.67:5060>' failed for '188.227.173.34:5061' - Wrong password
[2014-03-04 11:53:10] NOTICE[4579] chan_sip.c: Registration from '"test" <sip:test@91.199.139.67:5060>' failed for '185.19.222.218:26616' - Wrong password
[2014-03-04 11:53:10] NOTICE[4579] chan_sip.c: Registration from '"test" <sip:test@91.199.139.67:5060>' failed for '185.19.222.218:26616' - Wrong password

[root@voip log]# cat /var/log/fail2ban.log
2014-03-02 04:46:04,152 fail2ban.actions: WARNING [asterisk-iptables] Unban 188.227.173.34
2014-03-02 09:53:58,680 fail2ban.actions: INFO [asterisk-iptables] 188.227.173.34 already banned
2014-03-04 11:53:11,759 fail2ban.actions: WARNING [asterisk-iptables] Ban 185.19.222.218
2014-03-04 11:53:15,425 fail2ban.actions: INFO [asterisk-iptables] 185.19.222.218 already banned
2014-03-04 11:53:16,426 fail2ban.actions: INFO [asterisk-iptables] 185.19.222.218 already banned

Это получается fail2ban и iptables как то не до конца банит?

----------
Fools rush in where angels fear to tread.

Модерирует : ShriEkeR
Версия для печати • Подписаться • Добавить в закладки