I just installed FreePbx 126.96.36.199 and enabled NAT on selected extensions so my remote extensions can connect to my freepbx server. My remote extensions are apps installed on mobile devices and they connect to the internet either through 4G or any available internet connection which means I don’t know their ip addresses before hand. I am getting a warning on my dashboard because I excluded the interface connected to the internet from the firewall so my remote extensions can connect to my server. I already changed the SIP port from the default 5060. I don’t want my server to get hacked, what is the best way to setup security for my server?
The responsive firewall is what you need. Turn it on and if your clients successfully register their IP will be whitelisted.
Anyone else that sends enough junk packets will be blocked.
Yes but since the ip address will change each time a network changes between WiFi and 4G and since neither have a static public ip the firewall will keep blocking the connection each time the network switches.
No. That is what responsive is for, it allows a limited number connections from untrusted hosts: