Cut down on Fail2Ban occurrences with GeoIP Filtering

Fail2ban is a great way to protect your system, but an easy way to cut down on brute-force attempts is to restrict the regions from which users can reach those ports.

For me, I do not need international calling, so I will be blocking all non-US subnets.

Specifically for FreePBX (CentOS):

yum install kernel-devel-`uname -r` iptables-devel kernel-headers-`uname -r`

rpm -Uvh

yum install gcc gcc-c++ make automake unzip zip perl perl-Text-CSV_XS xz 

cd /opt 
tar xvf xtables-addons-1.37.tar.xz
cd xtables-addons-1.37/

nano mconfig

make install

cd geoip/


./xt_geoip_build GeoIPCountryWhois.csv

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

iptables -I INPUT -m geoip --src-cc US -j ACCEPT
iptables -I INPUT -s -j ACCEPT
iptables -I INPUT -s -j ACCEPT
iptables -I INPUT -s -j ACCEPT
iptables -P INPUT DROP

I’m not going to give extreme details; that information already exists.
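
With a DROP policy and only source-based ACCEPT rules, loopback traffic and replies to connections the PBX itself opens to non-US hosts also hit the policy. The check below is an added example, not part of the original post: it audits `iptables -S INPUT` text for those gaps. The function names, the constructed sample rules, the 203.0.113.10 trusted address and the saved spelling of the geoip option are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Sample rules are constructed;
# 203.0.113.10 is a documentation address standing in for a trusted host.

# Reads `iptables -S INPUT` text on stdin; $1 is a trusted source written the
# way iptables prints it. Prints one line per gap, returns 0 when none.
audit_input_chain() {
    trusted=$1
    rules=$(cat)
    gaps=0
    need() {  # $1 = grep mode (-E or -Fx), $2 = pattern, $3 = gap message
        if ! printf '%s\n' "$rules" | grep "$1" -q -- "$2"; then
            echo "GAP: $3"
            gaps=1
        fi
    }
    need -E '^-P INPUT DROP$' 'policy is not DROP, so the geoip ACCEPT filters nothing'
    # Assumption: the match is saved as --src-cc or --source-country.
    need -E '^-A INPUT .*-m geoip .*--(src-cc|source-country) ([A-Z0-9]{2},)*US(,[A-Z0-9]{2})* .*-j ACCEPT$' \
        'no geoip ACCEPT for US sources'
    need -Fx "-A INPUT -s $trusted -j ACCEPT" "no ACCEPT for trusted source $trusted"
    need -E '^-A INPUT -i lo -j ACCEPT$' 'no "-i lo" ACCEPT: loopback traffic hits the DROP policy'
    need -E '^-A INPUT .*--(state|ctstate) [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT$' \
        'no ESTABLISHED ACCEPT: replies from non-US hosts hit the DROP policy'
    return "$gaps"
}

sample_page_style() {     # the post's rule set, with a constructed trusted host
    cat <<'EOF'
-P INPUT DROP
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -m geoip --source-country US  -j ACCEPT
EOF
}

sample_with_baseline() {  # same rules plus loopback and reply-traffic accepts
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -m geoip --source-country US  -j ACCEPT
EOF
}

sample_page_style | audit_input_chain 203.0.113.10/32 || echo "page-style rules: gaps found"
sample_with_baseline | audit_input_chain 203.0.113.10/32 && echo "baseline rules: no gaps"
```

On a live system, pipe `iptables -S INPUT` into `audit_input_chain` with the address you administer from, and run it before `iptables -P INPUT DROP` is applied over a remote session.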

