@JaredBusch fair enough, I haven't used the product itself as of yet and wasn't aware it had whitelisting inside the product, if this was specific to just fail2ban then that method would be suitable, but in this case I agree with you, my mistake.
I came across that article and it's the most promising. Though it's still a iptables based fail2ban configuration. I'm not sure if it's as simple as changing the references to iptables or if tweaking it to work with firewalld is more involved.
I suppose an option is to disable firewalld and install iptables. I've done that before in the past.
That's probably what they did, because you need to disable firewalld to enable iptables.
[[email protected] ~]# cat /etc/fail2ban/jail.local
# Configuration automatically generated via the Sysadmin Module
# This file will be overwritten by Sysadmin on startup. If you modify
# this file, your changes will be lost. DO NOT MODIFY THIS FILE!
# generated: Thu, 21 Jun 2018 02:53:21 +0000
ignoreip = 127.0.0.1
bantime = 3600
findtime = 600
maxretry = 5
backend = auto
enabled = true
filter = asterisk-security
action = iptables-allports[name=SIP, protocol=all]
sendmail[name=SIP, [email protected], [email protected]]
logpath = /var/log/asterisk/fail2ban
The free license is limited to five locks per day which means the free edition defends your system against five unique attacks per day. [...] The free license does not contain reporting (like the PRO edition does).
Also, no official support for Windows Server 2016.