gizmoguy/gist:6665686

## gistfile1.txt
> /etc/fail2ban/jail.conf
[freeswitch]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
maxretry = 10
action   = iptables-allports[name=freeswitch, protocol=all]

[freeswitch-dos]
enabled  = true
port     = 5060,5061,5080,5081
filter   = freeswitch-dos
logpath  = /var/log/freeswitch/freeswitch.log
action   = iptables-allports[name=freeswitch-dos, protocol=all]
maxretry = 50
findtime = 30
bantime  = 6000

> /etc/fail2ban/filter.d/freeswitch.conf
# Fail2Ban configuration file
#
# Author: Rupa SChomaker
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

> /etc/fail2ban/filter.d/freeswitch-dos.conf
# Fail2Ban configuration file
#
# Author: soapee01
#

[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
	> /etc/fail2ban/jail.conf
	[freeswitch]
	enabled = true
	port = 5060,5061,5080,5081
	filter = freeswitch
	logpath = /var/log/freeswitch/freeswitch.log
	maxretry = 10
	action = iptables-allports[name=freeswitch, protocol=all]

	[freeswitch-dos]
	enabled = true
	port = 5060,5061,5080,5081
	filter = freeswitch-dos
	logpath = /var/log/freeswitch/freeswitch.log
	action = iptables-allports[name=freeswitch-dos, protocol=all]
	maxretry = 50
	findtime = 30
	bantime = 6000

	> /etc/fail2ban/filter.d/freeswitch.conf
	# Fail2Ban configuration file
	#
	# Author: Rupa SChomaker
	#

	[Definition]

	# Option: failregex
	# Notes.: regex to match the password failures messages in the logfile. The
	# host must be matched by a group named "host". The tag "<HOST>" can
	# be used for standard IP/hostname matching and is only an alias for
	# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
	# Values: TEXT
	#
	failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>
	\[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

	# Option: ignoreregex
	# Notes.: regex to ignore. If this regex matches, the line is ignored.
	# Values: TEXT
	#
	ignoreregex =

	> /etc/fail2ban/filter.d/freeswitch-dos.conf
	# Fail2Ban configuration file
	#
	# Author: soapee01
	#

	[Definition]
	# Option: failregex
	# Notes.: regex to match the password failures messages in the logfile. The
	# host must be matched by a group named "host". The tag "<HOST>" can
	# be used for standard IP/hostname matching and is only an alias for
	# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
	# Values: TEXT
	#
	failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'[^']+\' for \[.*\] from ip <HOST>

	# Option: ignoreregex
	# Notes.: regex to ignore. If this regex matches, the line is ignored.
	# Values: TEXT
	#
	ignoreregex =