I recently installed Asterisk 13 on a Debian 8 server. I noticed that when I installed Fail2ban it already had the Asterisk filters built in.
Also the standard config worked out of the box with no changes other than flipping false to true.
It wasn’t until a few days later that I noticed I was getting ‘already banned’ in the logs. I thought this was odd: if Fail2ban is blocking these IPs, how can they still be getting through?
I did a little investigation and noticed ‘action.d/iptables-blocktype.conf’ was set to ‘blocktype = REJECT --reject-with icmp-port-unreachable’.
I changed it to ‘blocktype = DROP’ and everything is working as it should.
I also still have a black hole set up for inbound calls that sends the IP to a bash script that DROPs the IP.
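
One way to spot the symptom described above is to count ‘already banned’ entries per jail and IP in the Fail2ban log. This is an added example, not part of the original post: the function name `repeat_offenders`, the threshold and the sample log lines are assumptions, with the lines constructed to resemble Fail2ban's actions log and using documentation-range addresses.

```python
import re
from collections import Counter

# Matches lines such as:
#   ... fail2ban.actions[812]: INFO [asterisk] 192.0.2.10 already banned
# The PID is optional and the padding and log level are left loose because
# they differ between Fail2ban versions (assumption about the exact layout).
ALREADY_BANNED_RE = re.compile(
    r"fail2ban\.actions\s*(?:\[\d+\])?:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<ip>\S+)\s+already banned"
)

# Constructed sample input, not taken from a real server.
SAMPLE_LOG = """\
2015-06-01 10:00:01,100 fail2ban.actions[812]: WARNING [asterisk] Ban 192.0.2.10
2015-06-01 10:00:07,412 fail2ban.actions[812]: INFO [asterisk] 192.0.2.10 already banned
2015-06-01 10:00:15,903 fail2ban.actions[812]: INFO [asterisk] 192.0.2.10 already banned
2015-06-01 10:02:15,031 fail2ban.actions[812]: INFO [asterisk] 192.0.2.10 already banned
2015-06-01 10:03:00,000 fail2ban.actions[812]: WARNING [asterisk] Ban 198.51.100.7
2015-06-01 10:05:00,250 fail2ban.actions[812]: INFO [asterisk] 198.51.100.7 already banned
""".splitlines()


def repeat_offenders(lines, threshold=2):
    """Return {(jail, ip): count} for every IP that was logged as
    'already banned' at least `threshold` times.

    Each such entry means the service log still showed activity from an
    address the jail had already banned, so a high count is a reason to
    review the jail's ban action and blocktype.
    """
    hits = Counter()
    for line in lines:
        match = ALREADY_BANNED_RE.search(line)
        if match:
            hits[(match.group("jail"), match.group("ip"))] += 1
    return {key: count for key, count in hits.items() if count >= threshold}


if __name__ == "__main__":
    # Replace SAMPLE_LOG with open("/var/log/fail2ban.log") on a real host.
    for (jail, ip), count in sorted(repeat_offenders(SAMPLE_LOG).items()):
        print(f"[{jail}] {ip}: {count} 'already banned' entries")
```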