Intrusion Detection bans a whitelisted IP

FreePBX version 16. Fail2ban bans an IP that is in the whitelist. I have tried to reinstall fail2ban but I get an error: Error: Trying to remove “sangoma-pbx16”, which is protected when I try to remove the original version. I am trying to reinstall the fail2ban-fpbx version. When I access the GUI to start it I have this error: “It seems that you are missing the necessary files to start Intrusion Detection.” So at this point am I hosed and need to reinstall the system?
Thanks

Hard to say what you should do at this point but normally folks would review logs and configuration first before deciding to reinstall software. Were you able to access the intrusion detection screen before trying to reinstall?

Yeah, I did look into the logs and I didn’t see anything that indicated why it blocked that IP. It was in the asterisk-iptables jail where I saw it was blocked. The thing was that this system has approx 50 phones registered from that IP address. It has been fine for a year or two. All the modules were up to date. I would add the IP into the whitelist and within 5 minutes it had blocked the IP.

Investigating now, but there is another system that did the same thing.

You’re running the firewall as well? You’ve also whitelisted those IPs in the firewall? There are two things happening here: there is the firewall that is doing connection tracking and could ban an IP, as well as fail2ban checking logs.

Do the IPs appear properly in the jail.local config?

Hi AMI
Not running the firewall, just the fail2ban. I haven’t looked in jail.local config yet for the second one.

Both systems are FPBX 16.0.40.13 with Fail2Ban version 0.8.14, for what that is worth.

Correction: running yum info fail2ban says the version is 0.11.1 on both. Looking at the local.jail, the IPs that should be allowed are in the ignoreip entry.

Found out my jail.local file was hosed. After fixing that I am working again. Thanks to all.

If you tried to update F2B on FreePBX 16, I think it’s a bad idea, because the FreePBX code is using its own F2B parameters compatible only with F2B v 0.8.4, which is installed by default.
The configs for 0.8.4 & 0.11.x are not compatible.
Just be careful.

Thanks Franck

I read about that gotcha. Real nice of Sangoma to keep up to date, NOT. But we got it working eventually, so all good.
