One other bit of advice that some people don’t think about is that if you don’t have a good reason for your PBX to be connected to the public internet, it’s a good idea just to keep it behind your firewall (if possible). Some use cases require external public access, but you definitely minimize a whole class of potential problems if you don’t have it publicly accessible.
I have my PBX on a vps server so it have external public access. i tryed to used issabel firewall rules but dont works fine. when i ennable firewalld from Centos i dont have access to the vps
the solution was deny all ips and only allow operators to be able to login in their extensions. i use issabel firewall and now works fine. Thank you to all