That rule in /etc/fail2ban/filter.d/asterisk.conf is supposed to catch anonymous calls that try to call you from nowhere:
^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from <HOST>"$
But it doesn’t work. I’ve tons of such messages in my logs that don’t trigger the filter:
"Rejecting unknown SIP connection from 184.108.40.206:52420"
I guess that it’s the port mentioned after the IP that keeps the regex from matching the string. Fixing it will probably be a piece of cake for @stephdl?
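A quick way to check the guess above before touching the filter, as an added example that is not part of the original post or of fail2ban itself: it tests the message part of the rule against the quoted log line, with and without an optional port. Assumptions: `<HOST>` is replaced by a simplified IPv4-only pattern, the `__prefix_line` and `log_prefix` interpolations are left out, and the `WITH_PORT` variant and the helper names are hypothetical.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also handles hostnames and IPv6).
HOST_RE = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"


def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the result as a Python regex."""
    return re.compile(failregex.replace("<HOST>", HOST_RE))


def banned_host(failregex, message):
    """Return the address the rule would capture from message, or None."""
    match = compile_failregex(failregex).search(message)
    return match.group("host") if match else None


# Message part of the rule quoted in the post (prefix interpolations omitted).
ORIGINAL = r'"Rejecting unknown SIP connection from <HOST>"$'
# Hypothetical variant that tolerates an optional ":port" after the address.
WITH_PORT = r'"Rejecting unknown SIP connection from <HOST>(?::\d+)?"$'

# Log message as quoted in the post.
SAMPLE = '"Rejecting unknown SIP connection from 184.108.40.206:52420"'
# Constructed line without a port, to confirm the variant still matches it.
NO_PORT = '"Rejecting unknown SIP connection from 184.108.40.206"'

if __name__ == "__main__":
    for name, rule in (("original", ORIGINAL), ("with port", WITH_PORT)):
        for line in (SAMPLE, NO_PORT):
            print(f"{name:10} {line!r:65} -> {banned_host(rule, line)}")
```

On an installed system, the `fail2ban-regex` tool shipped with fail2ban runs the same kind of check against the real log file and filter, using the full `<HOST>` expansion.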