I am thinking of using the firewall and responsive firewall in FreePBX. What is the normal setup for my hardware router? Should I just allow all traffic to the PBX on a SNAT from external IP to internal address and then just let the PBX sort it all out, or should I be limiting the ports on my policy to just what is needed? If the former, happy days, no more pin holes! If the latter what ports should I be opening?
Thanks for that. i assume with the pinhole route, I have to be spot on for what my provider wants in terms of ports open too, whereas with everything open it will take whatever RTP range they want to throw at me
Turned the firewall on, and it already has 3 attackers in the banned list, only problem is I can still see him attacking. Does the firewall not actually block the attacker?
I assume the odd non-critical invite transaction timeout is a product of these “interventions” from the attackers?
In my setup what i do is when freepbx firewall blocks an attacker, i hard code it into the main firewall to block it in the future before it hits Freepbx again.