Configure FusionPBX Fail2Ban

When connecting to FusionPBX, if you have Fail2Ban installed and enabled on the same server, you may need to check if Ringotel IPs were not put in the Fail2Ban “jails”.

You can view the IP addresses blocked by Fail2ban with the following command:

iptables -L -n

Then, check "sip-auth-fail" and "sip-auth-ip" chains in your firewall rules list. For example:

Chain sip-auth-fail (1 references) target prot opt source destination DROP all -- 54.144.152.6 0.0.0.0/0 Chain sip-auth-ip (1 references) target prot opt source destination DROP all -- 54.144.152.6 0.0.0.0/0

If you find Ringotel IPs in the “jail(s)” you will need to delete them from there. If you have only one rule in the chain(s), you can try to flush the "sip-auth-fail" and/or "sip-auth-ip" chains with these commands iptables -F sip-auth-fail and/or iptables -F sip-auth-ip.

In addition, exclude Ringotel IPs so that they aren't blocked by any filters. For this, edit the jails.conf file:

nano /etc/fail2ban/jail.conf

Find ignoreip parameter and add Ringotel IPs that need to be white listed (the list of IPs depends on the regions where you create Ringotel organizations). Restart fail2ban to apply changes to the ignoreip list. For example:

Please refer to the official FusionPBX and Fail2Ban documentation for further details.

Important: Do not add Ringotel IPs to your FusionPBX ACL as this may cause outbound calls to not work. For your phone system, Ringotel is a SIP client, similar to an IP phone or softphone.