Firewall around configuration interface in 17

Breaking this out from a post in another thread:

Moving a bit further, is binding the config interface to localhost and then tunneling over SSH the best “default” solution?

What breaks in that situation? UCP?

The FreePBX firewall allows you to open or close admin GUI access as much as you like. You can set up the firewall immediately after deploying FreePBX. Having access initially open is the right default.

I understand your perspective. You work with Ansible, you script your installs, you are comfortable with SSH. Look around the forum and you’ll see most users would just be stumped by an SSH-tunnel-by-default config.


Point well taken, thank you.