From 53b9f40b40d104d99600c26ca099748a291c6376 Mon Sep 17 00:00:00 2001
From: DigiDaz
Date: Sun, 29 May 2016 01:39:14 +0100
Subject: [PATCH] Make ban action more reflective of the attack type (#13)
---
 debian/resources/fail2ban/jail.local | 50 +++++++++++++++++++++++-----
 1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/debian/resources/fail2ban/jail.local b/debian/resources/fail2ban/jail.local
index 5fd45b2..c9a6949 100644
--- a/debian/resources/fail2ban/jail.local
+++ b/debian/resources/fail2ban/jail.local
@@ -1,33 +1,67 @@
-[freeswitch]
+[freeswitch-udp]
 enabled = true
 port = 5060,5061,5080,5081
 protocol = all
 filter = freeswitch
 logpath = /var/log/freeswitch/freeswitch.log
-action = iptables-allports[name=freeswitch, protocol=all]
+action = iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]
 maxretry = 5
 findtime = 600
 bantime = 600
 # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
-[freeswitch-ip]
-enabled = true
+[freeswitch-tcp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
+maxretry = 5
+findtime = 600
+bantime = 600
+# sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed
+
+[freeswitch-ip-tcp]
+enabled = true
 port = 5060,5061,5080,5081
 protocol = all
 filter = freeswitch-ip
 logpath = /var/log/freeswitch/freeswitch.log
-action = iptables-allports[name=freeswitch-ip, protocol=all]
+action = iptables-multiport[name=freeswitch-ip-tcp, port="5060,5061,5080,5081", protocol=tcp]
 maxretry = 1
 findtime = 30
 bantime = 86400
-[freeswitch-dos]
+[freeswitch-ip-udp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch-ip
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 1
+findtime = 30
+bantime = 86400
+
+[freeswitch-dos-udp]
 enabled = true
 port = 5060,5061,5080,5081
 protocol = all
 filter = freeswitch-dos
 logpath = /var/log/freeswitch/freeswitch.log
-action = iptables-allports[name=freeswitch-dos, protocol=all]
+action = iptables-multiport[name=freeswitch-dos-udp, port="5060,5061,5080,5081", protocol=udp]
+maxretry = 50
+findtime = 30
+bantime = 6000
+
+[freeswitch-dos-tcp]
+enabled = true
+port = 5060,5061,5080,5081
+protocol = all
+filter = freeswitch-dos
+logpath = /var/log/freeswitch/freeswitch.log
+action = iptables-multiport[name=freeswitch-dos-tcp, port="5060,5061,5080,5081", protocol=tcp]
 maxretry = 50
 findtime = 30
 bantime = 6000
@@ -42,7 +76,7 @@ action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp]
 # sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed
 maxretry = 10
 findtime = 600
-bantime = 600
+bantime = 600
 [nginx-404]
 enabled = true
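Review bot: In the first hunk (`@@ -1,33 +1,67 @@`) each `-udp`/`-tcp` jail pair shares the same `filter` and `logpath`, so every matching log line trips both jails and the offender is banned on both transports whichever one was used. The split therefore does not make the ban follow the attack type; its real effect is to narrow the ban from all ports to the four listed SIP ports. A host banned for SIP auth failures or flooding can then still reach every other listener on the machine, and any SIP profile or WebSocket port missing from the list, so that trade-off should be stated in a comment above the jails. Each section also keeps `protocol = all` while the action hard-codes the transport and repeats the port list, which invites drift. Setting `protocol = udp` (or `tcp`) in the jail and writing `action = iptables-multiport[name=freeswitch-udp, port="%(port)s", protocol="%(protocol)s"]` keeps a single source of truth.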