Cut down on Fail2Ban occurrences with GeoIP Filtering

Fail2ban is a great way to protect your system, but one easy way to cut down on brute-force attempts is to restrict the geographic area from which users can reach those ports.

For me, I do not need international calling, so I will be blocking all non-US subnets.

Specifically for FreePBX (CentOS):

yum install kernel-devel-`uname -r` iptables-devel kernel-headers-`uname -r`

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

yum install gcc gcc-c++ make automake unzip zip perl perl-Text-CSV_XS xz 

cd /opt 
wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-1.37.tar.xz
tar xvf xtables-addons-1.37.tar.xz
cd xtables-addons-1.37/

nano mconfig
# In mconfig, comment out these modules so they are not built:
#build_RAWNAT=m
#build_SYSRQ=m
#build_ipset6=
#build_length2=m


./configure
make
make install


cd geoip/

./xt_geoip_dl

./xt_geoip_build GeoIPCountryWhois.csv

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

iptables -I INPUT -m geoip --src-cc US -j ACCEPT
iptables -I INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -I INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -I INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -P INPUT DROP
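# iptables-save alone only prints the rules; write them to the file CentOS loads at boot
iptables-save > /etc/sysconfig/iptables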
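
Added example, not part of the original post: a small audit of iptables-save output that flags what a default-DROP INPUT chain built from source-address rules alone leaves out. The function name, both sample rulesets and UDP port 5060 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit `iptables-save` output (stdin) for the INPUT chain.
# Prints one finding per line; prints nothing when every check passes.
audit_input_chain() {
    awk '
        /^:INPUT /   { policy = $2 }
        /^-A INPUT / && /-j ACCEPT/ {
            if ($0 ~ / -i lo /)                        lo = 1
            if ($0 ~ /ESTABLISHED/)                    est = 1
            if ($0 ~ /-m geoip/ && $0 !~ /--dports? /) wide = 1
        }
        END {
            if (policy != "DROP") exit   # checks only matter under default-drop
            if (!lo)  print "no-loopback: 127.0.0.1 traffic hits the DROP policy"
            if (!est) print "no-established: replies from non-accepted sources are dropped"
            if (wide) print "geoip-all-ports: country match accepts every port"
        }'
}

# Constructed sample: the rules above applied to an empty INPUT chain
# (assumption; -I puts the newest rule first).
sample_page_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 172.16.0.0/12 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -j ACCEPT
-A INPUT -m geoip --src-cc US -j ACCEPT
COMMIT
EOF
}

# Constructed variant that passes every check (port 5060 is an assumed example).
sample_hardened_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -s 172.16.0.0/12 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -m geoip --src-cc US -j ACCEPT
COMMIT
EOF
}

sample_page_rules | audit_input_chain   # stand-alone run on the first sample
```

On a live box, pipe the real ruleset in with `iptables-save | audit_input_chain` before relying on the DROP policy.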

I’m not going to give extreme details; that information already exists.
