Freepbx16 firewall custom prot

[[email protected] ~]# fwconsole firewall --version
FW Console - FreePBX Utility 16.0.33

I have some custom programs that use tcp4444 and udp5061
The port suddenly becomes unavailable at the moment of firewall startup
Can freepbx firewalls open custom ports

https://wiki.freepbx.org/display/FPG/Firewall+Custom+Rules

thanks
i found it
vi /etc/firewall-4.rules
-I INPUT -p udp --dport 5061 -j ACCEPT

Does this not problem with the security of pjsip:tcp:5061?

No because the rule refers only to UDP (but UDP/5061 is probably the second target of all the hackers out there :slight_smile: )

Indeed, UDP 5061 is quite popular. See survey

Let me explain
I closed port 5060tcpudp
tcp 5061 is my sips port using fail2ban and freepbxfirewall, it is very important. There are many violent attacks from Russia IP…
udp5061 is other game port,this program has no vulnerabilities
The two programs are not connected

I think this firewall configuration haven’t security risk.
But the freepbx firewall is very special, and I’m not sure if it can distinguish between TCP and UDP on the same port.

Iptables can distinguish between udp and tcp if you leave udp/5061 open for whatever reason, expect lots of unwelcome connection attempts

This is done directly in the GUI under services, custom services tab
https://wiki.freepbx.org/display/FPG/Firewall+Services

Is there any tool that can simulate a SIP brute force attack.

The security department doesn’t know