Now, combine this filter with a jail entry which blocks an IP address if too many failed INVITEs or REGISTERs are received within a certain period of time.

The /etc/jail.conf file may get overwritten when upgrading Fail2Ban. Create a /etc/fail2ban/jail.local file with the following data in it, setting the correct path to *your* freeswitch.log file (maybe yours is in /usr/local/freeswitch/log/freeswitch.log), and adjust the sender email address to your setup:

[freeswitch] 
enabled  = true 
port     = 5060,5061,5080,5081 
filter   = freeswitch 
logpath  = /var/log/freeswitch/freeswitch.log 
action   = iptables-allports[name=freeswitch, protocol=all] 
sendmail-whois[name=FreeSwitch, dest=root, [email protected]] 
maxretry = 10 
findtime = 60 
bantime  = 600 
# "ignoreip" can be an IP address, a CIDR mask or a DNS host 
ignoreip = 127.0.0.1/8 192.168.2.0/24 192.168.1.0/24 

The earlier settings indicate the use of freeswitch filter and after 10 failed INVITE or REGISTER authorization attempts (maxretry) within a 60 second period, blocks the IP address of the offender and send an alert mail. If the filter is met (meaning 10 failed INVITE or REGISTER authorization attempts occur) within a 60 seconds period, the offending IP address will be banned in full for 600 seconds (ten minutes) and an alert mail will be sent to the configured administrator address.