FreePBX Distro Iptables

Hello, I wonder how I can edit or add rules in iptables on the FreePBX distro. Is it done from the command line? Do I need a script for when the machine restarts?

Thanks!

I recognize this is an old post, but it shows up in google, so I’m going to answer it the way I did it.

Also, there are a number of posts in this forum regarding this topic:

But I didn’t see a GOOD answer.

I used to use PIAF and this was one of my favorite parts. With the FreePBX distro, I’ve tested it out of the gate with its vanilla configs and fail2ban wasn’t actually banning. Even configured with the module in the wui, it wasn’t banning and I wasn’t getting email alerts.

I’ve used “travelin’ man” in the past to configure iptables for certain remote access purposes. I tested it on the FreePBX distro, and it’s working GREAT:

Here’s what I suggest: Travelin’ Man 3: Securing a PBX in a Flash or VoIP in the Cloud Server – Nerd Vittles

Follow the info there, or just do this:

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
yum -y install bind-utils
./secure-iptables

You will also want to run the following command, otherwise fail2ban won’t run:

touch /var/log/fail2ban.log
service fail2ban restart

Then configure fail2ban:

vi /etc/fail2ban/jail.conf

After running the installer, you will also be able to utilize iptables in conjunction with dyndns to remotely connect a softphone or to the web url from dynamic locations if you decide that this is more important than blocking those ports within your gateway firewall.

In addition, fail2ban actually works well.

Take anyone’s advice, though: do not completely rely upon iptables; you should have your server behind a solid firewall. However, I think it’s always helpful to have backup from a working iptables and fail2ban chain designed with asterisk voip services in mind.
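
Added example (not part of the posts above and not code from Travelin' Man or FreePBX): a small audit of `iptables-save` output that checks the two things this thread turns on, whether a fail2ban chain is actually hooked into INPUT and whether SIP port 5060 is accepted from any source. The rule sets, the chain name `fail2ban-ASTERISK`, the address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in iptables-save format (not from a real server).
GOOD_RULES='*filter
:INPUT DROP [0:0]
:fail2ban-ASTERISK - [0:0]
-A INPUT -j fail2ban-ASTERISK
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p udp -m udp --dport 5060 -j ACCEPT
-A fail2ban-ASTERISK -j RETURN
COMMIT'

WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m multiport --dports 5060,5061 -j ACCEPT
COMMIT'

# audit_rules: read iptables-save text on stdin, print three findings.
# Port ranges that merely contain 5060 (e.g. 5000:5100) are not detected.
audit_rules() {
  awk '
    /^:INPUT / { policy = $2 }
    # fail2ban 0.8 names its chains fail2ban-<jail>; 0.9 and later use f2b-<jail>
    /^-A INPUT / && / -j (fail2ban|f2b)-/ { hooked = 1 }
    /^-A INPUT / && / -j ACCEPT/ {
      line = $0 " "
      # SIP accepted with no -s source match means any address can reach it
      if (line ~ /--dports? ([0-9:]+,)*5060[,: ]/ && line !~ / -s /) open_sip = 1
    }
    END {
      print "input_policy=" policy
      print "fail2ban_hooked=" (hooked ? "yes" : "no")
      print "sip_open_to_any=" (open_sip ? "yes" : "no")
    }'
}

# audit_ok: exit status 0 only if fail2ban is hooked and SIP is source-restricted.
audit_ok() {
  findings=$(audit_rules)
  case "$findings" in
    *fail2ban_hooked=no*|*sip_open_to_any=yes*) return 1 ;;
  esac
  return 0
}

printf '%s\n' "$GOOD_RULES" | audit_rules
printf '%s\n' "$WEAK_RULES" | audit_rules
```

On the server, run it against the live rules as root with `iptables-save | audit_rules`.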