My webserver on FreePBX is running on port 80 (no Let's Encrypt configured). The directory /var/www/html includes some PHP scripts which look up numbers and names from the contacts database (for Yealink phones, which hold those PHP URLs). This means that the Yealink phones are finally looking up names on incoming calls themselves without loading the PBX CPU, which was the final goal.
The phones' CIDR (e.g. 192.168.0.0/27) is marked as internal/trusted in the firewall.
I don't want to allow other IPs (e.g. 192.168.0.100) within the LAN to see the PHP and the thousands of customer names in our contacts DB. Just the (allowed) phones shall do it.
Is there a need to use extended firewall rules such as:
-A fpbxinterfaces -p tcp -m multiport --dports 80,443 -j DROP? The allowed CIDR is excluded from intrusion detection anyway.
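
One way to enforce the restriction described in the post inside the PHP lookup scripts themselves, independent of any firewall rule. This is an added example, not code from the original post or from FreePBX: the function names are hypothetical and the only allowed range is the phone CIDR 192.168.0.0/27 given in the post.

```php
<?php
// Added example (not from the original post). Include at the top of each
// lookup script. ALLOWED_CIDRS uses the phone range named in the post;
// ip_in_cidr() and client_allowed() are hypothetical helper names.

const ALLOWED_CIDRS = ['192.168.0.0/27'];

function ip_in_cidr(string $ip, string $cidr): bool
{
    if (strpos($cidr, '/') === false) {
        return false; // not CIDR notation
    }
    [$net, $bits] = explode('/', $cidr, 2);
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    $bits    = (int) $bits;
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false; // malformed or non-IPv4 input is never allowed
    }
    // Build the network mask; a /0 prefix matches everything.
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function client_allowed(string $remoteAddr): bool
{
    foreach (ALLOWED_CIDRS as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            return true;
        }
    }
    return false; // default deny
}

if (PHP_SAPI !== 'cli') {
    // Use the TCP peer address only; headers such as X-Forwarded-For
    // are client-controlled and must not be trusted here.
    if (!client_allowed($_SERVER['REMOTE_ADDR'] ?? '')) {
        http_response_code(403);
        exit;
    }
} else {
    // Constructed self-check when run from the command line.
    var_dump(client_allowed('192.168.0.10'));  // a phone inside the /27
    var_dump(client_allowed('192.168.0.100')); // the LAN host from the post
}
```

A source address can be spoofed or reassigned on a flat LAN, so this check limits casual access from other hosts rather than authenticating the phones.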