Blacklisting calls from asterisk/asterisk?

I think many of us have seen the situation where some script kiddie comes into the system from some random IP address showing a caller ID of “asterisk” for both number and name. If you can’t use a “whitelist” at your firewall to prevent such calls (because you have external extensions at non-fixed IP addresses), then your first line of defense is probably fail2ban, which works well but still lets the neer-do-wells make 2-3 attempts (or more sometimes) before fail2ban shuts them down. It occurred to me that one thing that might help is to blacklist calls from “asterisk” but the FreePBX Blacklist page won’t let you add a non-numeric value. Asterisk apparently has no such limitation, so from the CLI you can do this:

database put blacklist asterisk 1

And it will add “asterisk” to the blacklist. My question is, is there some reason the FreePBX “Blacklist” page doesn’t allow such a value to be entered? I grant it’s easy enough to do it from the CLI but it seems like you should be able to do it from the “Blacklist” page also. And I do grant that the script kiddies will probably just start using some other fake caller ID, but at least this hopefully gets rid of this one specific annoyance.

You do not have to use port 5060 for SIP.
You should also use allowguest=no.

Since I originally posted this, I found out about the “FreePBX Swiss Army Knife Module” that will let you do this.

Yes and it’s been addressed in 2.10, meaning you are allowed to add any value you want.