Disable fail2ban and just use manual IPTables?

I’m thinking of limiting access to my FreePBX box by simply using a deny all then allow only my phone and peer IPs.

If I disable Fail2Ban (not sure best way to do it) will it break something in the FreePBX GUI?

Fail2ban is not a replacement for iptables; it is an additional set of chains added to it. If you know what you are doing, then your suggestion is achievable, as fail2ban adds itself to the extant iptables and you can rely on your own rules. However, there is no problem leaving it in place, as it can be configured to protect a whole slew of services you probably don’t even know you are using.

However, denying all and allowing only your stuff will almost certainly cause problems unless you know exactly what you are doing. It is very complicated to properly set up; you would likely have no notifications, no time service, no updates, no DNS, no email... the list goes on. Look into using an easy front end to iptables as a firewall; I use CSF, but there are other choices.
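
An added example, not from anyone in this thread: a shell function that prints a default-deny inbound ruleset in `iptables-restore` format, with the stateful rule that lets replies to the box's own DNS, NTP, mail and update traffic back in. The addresses are documentation ranges, and the ports (SIP on UDP 5060, RTP on UDP 10000-20000, SSH and HTTPS for the admin host) are assumptions to adjust to your install.

```shell
#!/bin/sh
# Added example: default-deny INPUT for a PBX, emitted as iptables-restore text.
# Assumed ports (not taken from the thread): SIP 5060/udp, RTP 10000-20000/udp,
# admin access on 22/tcp and 443/tcp.
SIP_PORT=5060
RTP_RANGE=10000:20000

# is_ipv4_cidr ADDR: succeeds if ADDR looks like a.b.c.d or a.b.c.d/nn
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# build_ruleset ADMIN_IP TRUSTED_IP...
# Prints the ruleset on stdout; returns 1 without printing rules on a bad address.
build_ruleset() {
    admin_ip=$1
    shift
    for ip in "$admin_ip" "$@"; do
        is_ipv4_cidr "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # deny all inbound unless matched below
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'   # the PBX may still reach DNS, NTP, SMTP, updates
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections the PBX opened itself come back through this rule;
    # without it, outbound DNS, time sync, mail and updates all appear broken.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp -s $admin_ip -m multiport --dports 22,443 -j ACCEPT"
    for ip in "$@"; do            # phones and SIP peers
        echo "-A INPUT -p udp -s $ip --dport $SIP_PORT -j ACCEPT"
        echo "-A INPUT -p udp -s $ip --dport $RTP_RANGE -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print a ruleset when called with arguments, e.g.
#   sh pbx-rules.sh 203.0.113.5 192.0.2.10 198.51.100.20 | iptables-restore --test
if [ "$#" -gt 0 ]; then
    build_ruleset "$@"
fi
```

Loading this with `iptables-restore` flushes the filter table, which also removes the chains fail2ban added, so restart fail2ban afterwards if you keep it running.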

Fair enough, didn’t think about DNS, email, etc… I’ll just leave as is I guess… Just hate seeing so many attempted hacks on a machine under a week old…

You might want to read

Great read, lots of info, thanks much.