Firewall and security

would it be possible to block all other IP addresses expect the ones coming from twilio sip trunk

You mean on the FreePBX firewall?

Yes, for example I see [2017-12-01 05:29:52] NOTICE[9277] chan_sip.c: Registration from ‘“12” sip:[email protected]’ failed for ‘195.154.230.49:5684’ - Wrong password I added it to the blacklist on the ip address but is there a way to block all unwanted traffic. all my traffic should only come via twilio sip. is there a way to only allow the ip list fro twilio and automatically reject everything else

The FreePBX Firewall is ‘deny by default’ (except for the RTP port range) so you’ve either enabled Responsive firewall or it is misconfigured.
https://wiki.freepbx.org/display/FPG/Firewall

should I worry when I see something like this:

[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:17] Set(“SIP/71.223.123.158-00001c9a”, “__CRM_SOURCE=root”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:18] Set(“SIP/71.223.123.158-00001c9a”, “__CRM_LINKEDID=1512355939.7322”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:19] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CHANNEL(hangup_handler_push)=crm-hangup,s,1)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:20] Goto(“SIP/71.223.123.158-00001c9a”, “ext-trunk,2,1”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,2,1)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:1] Set(“SIP/71.223.123.158-00001c9a”, “TDIAL_STRING=SIP/TwilioTrunk”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:2] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_TRUNK=2”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:3] Goto(“SIP/71.223.123.158-00001c9a”, “ext-trunk,tdial,1”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,tdial,1)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:1] Set(“SIP/71.223.123.158-00001c9a”, “OUTBOUND_GROUP=OUT_2”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:2] GotoIf(“SIP/71.223.123.158-00001c9a”, “1?nomax”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,tdial,4)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:4] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CALLERPRES(name-pres)=allowed_not_screened)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:5] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CALLERPRES(num-pres)=allowed_not_screened)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:6] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_NUMBER=880048468881019”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:7] GosubIf(“SIP/71.223.123.158-00001c9a”, “0?sub-flp-2,s,1()”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:8] Set(“SIP/71.223.123.158-00001c9a”, “OUTNUM=880048468881019”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:9] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_TRUNK_OPTIONS=T”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [[email protected]:10] Dial(“SIP/71.223.123.158-00001c9a”, “SIP/TwilioTrunk/880048468881019,300,T”) in new stack

I keep seeing this from difrent ip addresses. trying to come in on some how making outbnound calls, how ever because twilio requires specific outbound caller ID the call does not go trough. I just add the ip to the blocklist and wait for the next waive. I have responsive firewall enable but not sure what I am missing. Any help will be appreciated

run thru the firewall wizards, accept the defaults and it will auto-block this kind of crap. you can then whitelist your carrier’s IP in the trusted zone

I have re-ran the wizard and ti does not seem to be stopping it. could something like the article below work\help me Hacking Important, but fail2ban doesn't act; Failed to authenticate device.