(Posting this here because the GitHub for firewall doesn’t have the issues tab enabled.)
Nice module, Rob, thanks for this responsive firewall, seems to be a basic requirement, loose enough to let users' devices log in straight away without making them provide their IP address via port knocker before even trying to log in.
After a quick look at the firewall code on GitHub, it appears the system admin functions used by the responsive FreePBX voipfirewall appear to be minimal, mostly to get settings, and generate the fail2ban config.
- Gets the GPG object to use for checking the hashes of code files before running them,
- Gets the web root directory path for the asterisk management port aka FreePBX web app,
- Gets the ports used by all the services enabled on the PBX: the web portal itself, rtp, sip, pjsip, webrtc, smb, nfs, iax, ssh, nodejs, http provision, restapps, xmpp, tftp, VPN, UCP, all of them. And categorizes them into zones like external, other, internal.
- fail2ban-generate and fail2ban-start scripts.
I could be wrong, but it seems like it doesn’t really use a lot of functions to get data from the sysadmin module, so it shouldn’t be too too hard to replace with a basic substitute minimal open source version.
If this isn’t right please share your thoughts. Share them either way actually.