We want to block IMCP for better security. We host PBX’s in the cloud and would like this for an extra layer of security. I read the link below, is that still the best method?
Blocking ICMP will not improve security.
If you insist on it though, only block echo requests: https://www.layerstack.com/resources/tutorials/How-to-enable-and-disable-Ping-from-IPTables-on-Linux-Cloud-Servers
Do not block all of ICMP. It subtly breaks your network.
2 Likes
Agreed do NOT block icmp it is at best security theater. When I scan anything I do a syn scan which tells me you are present on the port of my choosing. During the voipms mess I syn scanned all of their pops on 5060 to see what was responding.
This is is a purely Linux thing. The version of the kernel may matter, but the version of Asterisk is totally irrelevant, as is that of FreePBX.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.