From 7346df61a36ea664c9877de0ac8eb6740ab28ceb Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Wed, 3 Feb 2021 17:38:10 -0700
Subject: [PATCH] New fail2ban filter for Rejected by register acl

---
 debian/resources/fail2ban/freeswitch-acl.conf | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 debian/resources/fail2ban/freeswitch-acl.conf

diff --git a/debian/resources/fail2ban/freeswitch-acl.conf b/debian/resources/fail2ban/freeswitch-acl.conf
new file mode 100644
index 0000000..9fe8e4e
--- /dev/null
+++ b/debian/resources/fail2ban/freeswitch-acl.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+#2021-02-03 16:27:57.292697 [WARNING] sofia_reg.c:2353 IP 62.210.78.91 Rejected by register acl "domains"
+failregex = \[WARNING\] sofia_reg.c:\d+ IP <HOST> Rejected by register acl
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =