So I set this up again on a new jump box today.

SSH attempts did not log until I changed the mode to ddos

@JaredBusch fair enough, I haven't used the product itself as of yet and wasn't aware it had whitelisting inside the product, if this was specific to just fail2ban then that method would be suitable, but in this case I agree with you, my mistake.

@anthonyh said in Zimbra, fail2ban, CentOS 7, and firewalld:

@scottalanmiller said in Zimbra, fail2ban, CentOS 7, and firewalld:

https://arstech.net/zimbra-fail2ban-setup/

I came across that article and it's the most promising. Though it's still a iptables based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.

I suppose an option is to disable firewalld and install iptables. I've done that before in the past.

Hmm...

That's probably what they did, because you need to disable firewalld to enable iptables.

FreePBX's jail.local doesn't use that syntax.

[root@pbx ~]# cat /etc/fail2ban/jail.local # Configuration automatically generated via the Sysadmin Module # This file will be overwritten by Sysadmin on startup. If you modify # this file, your changes will be lost. DO NOT MODIFY THIS FILE! # generated: Thu, 21 Jun 2018 02:53:21 +0000 [DEFAULT] ignoreip = 127.0.0.1 bantime = 3600 findtime = 600 maxretry = 5 backend = auto [asterisk-iptables] enabled = true filter = asterisk-security action = iptables-allports[name=SIP, protocol=all] sendmail[name=SIP, [email protected], [email protected]] logpath = /var/log/asterisk/fail2ban

@syko24 free... and useless:

Limitations of the free license:

The free license is limited to five locks per day which means the free edition defends your system against five unique attacks per day. [...] The free license does not contain reporting (like the PRO edition does).

Also, no official support for Windows Server 2016.

https://cyberarms.net/download-pricing/installation-configuration.aspx

@nadnerB said:

@thanksajdotcom said:

For @nadnerB , what htop looks like:
upload-35672b65-fea1-4909-9b50-3aa99b1b2608

Ah ha. That looks like what I want. Thanks 🙂

No problem