Firewall and security

Zirwo01 · December 1, 2017, 2:29am

would it be possible to block all other IP addresses expect the ones coming from twilio sip trunk

avayax · December 1, 2017, 10:48am

You mean on the FreePBX firewall?

Zirwo01 · December 1, 2017, 2:19pm

Yes, for example I see [2017-12-01 05:29:52] NOTICE[9277] chan_sip.c: Registration from ‘“12” sip:[email protected]’ failed for ‘195.154.230.49:5684’ - Wrong password I added it to the blacklist on the ip address but is there a way to block all unwanted traffic. all my traffic should only come via twilio sip. is there a way to only allow the ip list fro twilio and automatically reject everything else

lgaetz · December 1, 2017, 2:28pm

The FreePBX Firewall is ‘deny by default’ (except for the RTP port range) so you’ve either enabled Responsive firewall or it is misconfigured.
https://wiki.freepbx.org/display/FPG/Firewall

Zirwo01 · December 4, 2017, 3:11am

should I worry when I see something like this:

[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [s@ext-did:17] Set(“SIP/71.223.123.158-00001c9a”, “__CRM_SOURCE=root”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [s@ext-did:18] Set(“SIP/71.223.123.158-00001c9a”, “__CRM_LINKEDID=1512355939.7322”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [s@ext-did:19] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CHANNEL(hangup_handler_push)=crm-hangup,s,1)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [s@ext-did:20] Goto(“SIP/71.223.123.158-00001c9a”, “ext-trunk,2,1”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,2,1)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [2@ext-trunk:1] Set(“SIP/71.223.123.158-00001c9a”, “TDIAL_STRING=SIP/TwilioTrunk”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [2@ext-trunk:2] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_TRUNK=2”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [2@ext-trunk:3] Goto(“SIP/71.223.123.158-00001c9a”, “ext-trunk,tdial,1”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,tdial,1)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:1] Set(“SIP/71.223.123.158-00001c9a”, “OUTBOUND_GROUP=OUT_2”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:2] GotoIf(“SIP/71.223.123.158-00001c9a”, “1?nomax”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Goto (ext-trunk,tdial,4)
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:4] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CALLERPRES(name-pres)=allowed_not_screened)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:5] ExecIf(“SIP/71.223.123.158-00001c9a”, “1?Set(CALLERPRES(num-pres)=allowed_not_screened)”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:6] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_NUMBER=880048468881019”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:7] GosubIf(“SIP/71.223.123.158-00001c9a”, “0?sub-flp-2,s,1()”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:8] Set(“SIP/71.223.123.158-00001c9a”, “OUTNUM=880048468881019”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:9] Set(“SIP/71.223.123.158-00001c9a”, “DIAL_TRUNK_OPTIONS=T”) in new stack
[2017-12-03 19:52:19] VERBOSE[11024][C-00000e5b] pbx.c: – Executing [tdial@ext-trunk:10] Dial(“SIP/71.223.123.158-00001c9a”, “SIP/TwilioTrunk/880048468881019,300,T”) in new stack

I keep seeing this from difrent ip addresses. trying to come in on some how making outbnound calls, how ever because twilio requires specific outbound caller ID the call does not go trough. I just add the ip to the blocklist and wait for the next waive. I have responsive firewall enable but not sure what I am missing. Any help will be appreciated

nickcasa · December 4, 2017, 1:59pm

run thru the firewall wizards, accept the defaults and it will auto-block this kind of crap. you can then whitelist your carrier’s IP in the trusted zone

Zirwo01 · December 4, 2017, 2:41pm

I have re-ran the wizard and ti does not seem to be stopping it. could something like the article below work\help me Hacking Important, but fail2ban doesn't act; Failed to authenticate device.