install fail2ban

Posted: Sat May 28, 2016 9:31 pm
by cvillarreal77
Hi..

I recently installed ViciBox 7.03

and I saw that fail2ban is installed.

My question is: is it working? How do I know?

thanks

Re: install fail2ban

Posted: Sat May 28, 2016 10:06 pm
by williamconley
That question belongs on a Fail2Ban board. Or an IPtables Board.

However: "iptables-save" will display your present iptables configuration (contrary to what it sounds like, this does not "save" anything, but merely displays the iptables configuration by dumping it to the console so you can see the configuration).

You should find a few references to fail2ban in the configuration dump if it's active.

We recommend whitelist lockdown instead of fail2ban, however, especially for a PBX such as Vicidial.
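
As an added example (not part of the thread), the check described in the post above can be scripted: the function reads an `iptables-save` dump and reports, per fail2ban chain, whether INPUT actually jumps to it and how many source addresses it currently blocks. It assumes fail2ban's default iptables chain prefixes (`f2b-` in 0.9 and later, `fail2ban-` in older releases); the sample dump and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the thread).
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
:f2b-orphan - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
-A f2b-orphan -j RETURN
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print "<chain> <hooked|unhooked> <bans>"
# for every fail2ban chain. "hooked" means INPUT actually jumps to the chain;
# <bans> counts rules in the chain that match a source address (-s).
f2b_status() {
    awk '
        /^:(f2b|fail2ban)-/ { name = substr($1, 2); order[++n] = name }
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++) if ($i == "-j") hooked[$(i + 1)] = 1
        }
        $1 == "-A" && $2 ~ /^(f2b|fail2ban)-/ {
            for (i = 3; i < NF; i++) if ($i == "-s") bans[$2]++
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                print c, ((c in hooked) ? "hooked" : "unhooked"), bans[c] + 0
            }
        }
    '
}

# On a live system (as root): iptables-save | f2b_status
sample_dump | f2b_status
```

No output means the dump contains no fail2ban chains at all; an "unhooked" chain exists but receives no traffic from INPUT, so it blocks nothing.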

Re: install fail2ban

Posted: Sat May 28, 2016 11:10 pm
by cvillarreal77
Ohh, thanks for responding so quickly.

And another question..

Which configuration do you recommend for a topology like this:

internet --> Cisco router with access list and NAT of public IP to vicidial --> vicidial with one network card

Is it necessary to enable the firewall if I use an access list?

Re: install fail2ban

Posted: Sat May 28, 2016 11:13 pm
by williamconley
if you are asking if you should use a firewall in vicidial when you already have a firewall in the router ... that's kinda a trick question.

if you have already built a whitelist firewall, why do YOU think you need another one?

Re: install fail2ban

Posted: Sat May 28, 2016 11:30 pm
by cvillarreal77
Ohh OK, I understand, thank you very much :)

Another question :D

Well, I implemented fail2ban only to block SSH connections..

My question is:

Can I update fail2ban?

This is because the current jail.conf doesn't have an option to enable only one jail.

Example:

#
# JAILS
#

#
# SSH servers
#

[sshd]

port = ssh
logpath = %(sshd_log)s


[sshd-ddos]
# This jail corresponds to the standard configuration in Fail2ban.
# The mail-whois action send a notification e-mail with a whois request
# in the body.
port = ssh
logpath = %(sshd_log)s

Re: install fail2ban

Posted: Sat May 28, 2016 11:33 pm
by williamconley
close port 22 in your whitelist system except for (of course) your IP.

Re: install fail2ban

Posted: Wed Jun 01, 2016 3:19 pm
by cvillarreal77
OK, thank you very much..

Re: install fail2ban

Posted: Mon Jun 06, 2016 5:14 am
by marcinstopa
I am stuck with the same problem too! :(
I also answered YES to both ipv4 and ipv6 rules on iptables-persistent installation.
I don't really know what to do.

Re: install fail2ban

Posted: Mon Jun 06, 2016 11:16 am
by williamconley
Follow the instructions for Dynamic Good Guys whitelist firewall system. Note that the "lockdown" before installation is all you need to do, installing DGG is only necessary to make it easy to add allowed IPs.

Unfortunately DGG is not yet updated for Vicibox 7, but there is a thread somewhere on the Vicidial forum that shows the changes necessary if you wanted to install DGG all the way (making it easy to add a new IP to the whitelist, without using 'yast firewall').