[ssh]
enabled  = true
port     = 22
protocol = ssh
filter   = sshd
logpath  = /var/log/auth.log
action   = iptables-allports[name=sshd, protocol=all]
maxretry = 6
findtime = 60
bantime  = 86400

[freeswitch]
enabled  = false
port     = 5060:5091
protocol = all
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=freeswitch, protocol=all]
maxretry = 10
findtime = 60
bantime  = 3600
#          sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed

[freeswitch-acl]
enabled  = false
port     = 5060:5091
protocol = all
filter   = freeswitch-acl
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=freeswitch-acl, protocol=all]
maxretry = 900
findtime = 60
bantime  = 86400

[freeswitch-ip]
enabled  = false
port     = 5060:5091
protocol = all
filter   = freeswitch-ip
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=freeswitch-ip, protocol=all]
maxretry = 1
findtime = 60
bantime  = 86400

[auth-challenge-ip]
enabled  = false
port     = 5060:5091
protocol = all
filter   = auth-challenge-ip
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=auth-challenge-ip, protocol=all]
maxretry = 1
findtime = 60
bantime  = 86400

[sip-auth-challenge]
enabled  = false
port     = 5060:5091
protocol = all
filter   = sip-auth-challenge
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=sip-auth-challenge, protocol=all]
maxretry = 100
findtime = 60
bantime  = 7200

[sip-auth-failure]
enabled  = false
port     = 5060:5091
protocol = all
filter   = sip-auth-failure
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=sip-auth-failure, protocol=all]
maxretry = 6
findtime = 60
bantime  = 7200

[fusionpbx-404]
enabled  = false
port     = 5060:5091
protocol = all
filter   = fusionpbx-404
logpath  = /var/log/freeswitch/freeswitch.log
#logpath  = /usr/local/freeswitch/log/freeswitch.log
action   = iptables-allports[name=fusionpbx-404, protocol=all]
maxretry = 6
findtime = 60
bantime  = 86400

[fusionpbx]
enabled  = true
port     = 80,443
protocol = tcp
filter   = fusionpbx
logpath  = /var/log/auth.log
action   = iptables-allports[name=fusionpbx, protocol=all]
#          sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 20
findtime = 60
bantime  = 3600

[fusionpbx-mac]
enabled  = true
port     = 80,443
protocol = tcp
filter   = fusionpbx-mac
logpath  = /var/log/syslog
action   = iptables-allports[name=fusionpbx-mac, protocol=all]
#          sendmail-whois[name=fusionpbx-mac, dest=root, sender=fail2ban@example.org] #no smtp server installed
maxretry = 10
findtime = 60
bantime  = 86400

[nginx-404]
enabled  = true
port     = 80,443
protocol = tcp
filter   = nginx-404
logpath  = /var/log/nginx/access*.log
action   = iptables-allports[name=nginx-404, protocol=all]
bantime  = 3600
findtime = 60
maxretry = 300

[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 300 pages in 60 seconds, or 5p/s average, is suspicious)
enabled  = true
port     = 80,443
protocol = tcp
filter   = nginx-dos
logpath  = /var/log/nginx/access*.log
action   = iptables-allports[name=nginx-dos, protocol=all]
findtime = 60
bantime  = 86400
maxretry = 800