В filter.d/asterisk.conf есть такие вариации правил:
Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*
Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.*
DEBUG.* .*: Trying to put 'SIP\/2.0 401' onto UDP socket destined for <HOST>:.*$
DEBUG.* .*: Trying to put 'SIP/2.0 401' onto UDP socket destined for <HOST>:.*$
Ни по одному из вышеперечисленных правил IP-адрес из сообщения следующего вида в фильтр не добавляется:
DEBUG[31267]: chan_sip.c:3805 __sip_xmit: Trying to put 'SIP/2.0 401' onto UDP socket destined for ip:port
В целом какие-то правила срабатывают:
fail2ban-regex /var/log/asterisk/full /etc/fail2ban/filter.d/asterisk.conf
0 ignored, 34 matched
jail.local
[asterisk]
# Jail options for the asterisk filter: ports to block, ban actions, log source and thresholds.
# Ports the ban rules are applied to.
port = 5060,5061
# Three actions: one ban rule for TCP, one for UDP (each given its own name/actname suffix),
# plus a whois e-mail sent to destemail.
# NOTE(review): the two continuation lines below appear without leading whitespace; in the real
# jail.local they must be indented to be parsed as part of "action" - confirm the paste lost it.
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
%(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s"]
# Log file the jail monitors.
# NOTE(review): presumably DEBUG-level lines only reach this file when Asterisk is configured to
# write debug output to it - confirm in the Asterisk logger configuration.
logpath = /var/log/asterisk/full
# Number of matches from one host that triggers a ban.
# NOTE(review): 'SIP/2.0 401' is also the normal digest-auth challenge sent in reply to a
# legitimate client's first unauthenticated request, so counting these lines over a 24-hour
# window may ban legitimate phones that re-register periodically. Consider ignoreip for trusted
# peers, or matching on failure-specific log lines instead - verify against real traffic.
maxretry = 10
# Counting window: 86400 s = 24 hours.
findtime = 86400
# Ban duration: 518400 s = 6 days.
bantime = 518400
# Jail is active.
enabled = true