[root@freepbx ~]# fwconsole firewall --version
FW Console - FreePBX Utility 16.0.33
I have some custom programs that use TCP 4444 and UDP 5061.
The ports suddenly become unavailable the moment the firewall starts up.
Can the FreePBX firewall open custom ports?
I found it:
-I INPUT -p udp --dport 5061 -j ACCEPT
Is this not a problem for the security of pjsip:tcp:5061?
No, because the rule refers only to UDP (but UDP/5061 is probably the second target of all the hackers out there).
Indeed, UDP 5061 is quite popular. See survey
In theory, but in the real world admins (for example) set up trunks with from-internal context or test extensions with very weak passwords, or simply make mistakes. Numerous cases of SIP exploits have been documented in this forum.
There are many ways to gain additional protection, including avoiding SIP over UDP altogether, filtering by domain name (trivial but unpopular here, for reasons that make no sense to me), using various static or dynamic block lists (complex and IMO not very secure)…
Let me explain.
I closed port 5060 TCP/UDP.
TCP 5061 is my SIPS port, using fail2ban and the FreePBX firewall; it is very important. There are many violent attacks from Russian IPs…
UDP 5061 is another game port; this program has no vulnerabilities.
The two programs are not connected.
I think this firewall configuration doesn’t have a security risk.
But the FreePBX firewall is very special, and I’m not sure if it can distinguish between TCP and UDP on the same port.
Iptables can distinguish between UDP and TCP. If you leave udp/5061 open for whatever reason, expect lots of unwelcome connection attempts.
This is done directly in the GUI under Services, Custom Services tab.
Is there any tool that can simulate a SIP brute force attack?
The security department doesn’t know.
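Added example, not part of any post in this thread: iptables matches protocol and destination port together, so a rule for UDP 5061 never applies to TCP 5061. The script below walks a constructed `iptables -S INPUT` listing and reports the target of the first rule that matches a protocol/port pair. The helper name `first_verdict` and the sample rules are assumptions, and only `-p` with `--dport`/`--dports` is evaluated.

```sh
#!/bin/sh
# Added example: which target does the first matching INPUT rule give a
# protocol/port pair? Only -p and --dport/--dports are evaluated (assumption:
# no source, interface, state or negated matches narrow the rule further).

# Constructed sample in `iptables -S INPUT` format, not from the poster's system.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p udp -m udp --dport 5061 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5061 -j ACCEPT
-A INPUT -p udp -m multiport --dports 5060,5062:5070 -j DROP'

# first_verdict <tcp|udp> <port>   (hypothetical helper; rules read from stdin)
first_verdict() {
  awk -v proto="$1" -v port="$2" '
    # True when port p falls in a spec such as "5061", "5060,5062" or "5062:5070".
    function in_spec(spec, p,    n, parts, i, r) {
      n = split(spec, parts, ",")
      for (i = 1; i <= n; i++) {
        if (split(parts[i], r, ":") == 2) {
          if (p >= r[1] + 0 && p <= r[2] + 0) return 1
        } else if (parts[i] + 0 == p) return 1
      }
      return 0
    }
    # Remember the chain policy; it applies when no rule matches.
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
      p = ""; d = ""; t = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") p = $(i + 1)
        else if ($i == "--dport" || $i == "--dports") d = $(i + 1)
        else if ($i == "-j") t = $(i + 1)
      }
      # Rules are evaluated in order: the first protocol+port match decides.
      if (p == proto && d != "" && in_spec(d, port + 0)) { print t; found = 1; exit }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
  '
}

# Show that the same port number resolves differently per protocol.
for q in "tcp 5061" "udp 5061" "tcp 4444" "udp 4444" "udp 5065"; do
  set -- $q
  printf '%s/%s -> %s\n' "$1" "$2" \
    "$(printf '%s\n' "$SAMPLE_RULES" | first_verdict "$1" "$2")"
done
```

On a real host the input would come from `iptables -S INPUT`; a rule that jumps to a user-defined chain prints that chain's name rather than a final verdict.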