March 17, 2023, 1:15am
[email protected] ~]# fwconsole firewall --version
FW Console - FreePBX Utility 16.0.33
I have some custom programs that use TCP 4444 and UDP 5061.
The ports suddenly become unavailable the moment the firewall starts.
Can the FreePBX firewall open custom ports?
March 17, 2023, 1:30am
March 17, 2023, 1:53am
I found it:
-I INPUT -p udp --dport 5061 -j ACCEPT
Does this not cause a problem for the security of pjsip:tcp:5061?
March 17, 2023, 3:10am
No, because the rule refers only to UDP (but UDP/5061 is probably the second target of all the hackers out there).
March 17, 2023, 4:06am
Indeed, UDP 5061 is quite popular. See survey
In theory, but in the real world admins (for example) set up trunks with from-internal context or test extensions with very weak passwords, or simply make mistakes. Numerous cases of SIP exploits have been documented in this forum.
There are many ways to gain additional protection, including avoiding SIP over UDP altogether, filtering by domain name (trivial but unpopular here, for reasons that make no sense to me), using various static or dynamic block lists (complex and IMO not very secure)…
March 17, 2023, 4:34am
Let me explain
I closed port 5060 TCP/UDP.
TCP 5061 is my SIPS port, using fail2ban and the FreePBX firewall; it is very important. There are many violent attacks from Russian IPs…
UDP 5061 is a port for another program, a game; this program has no vulnerabilities.
The two programs are not connected.
I think this firewall configuration doesn’t have a security risk.
But the FreePBX firewall is very special, and I’m not sure if it can distinguish between TCP and UDP on the same port.
March 17, 2023, 4:53am
Iptables can distinguish between UDP and TCP. If you leave udp/5061 open for whatever reason, expect lots of unwelcome connection attempts.
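
Added example (not part of the thread and not FreePBX's own code): a shell function that reads `iptables-save` text and lists, for a given port, which protocol and source each INPUT ACCEPT rule opens, so a UDP rule for 5061 can be seen to leave TCP 5061 governed by its own rule. The rule set, the 203.0.113.10 address and the `port_exposure` name are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in iptables-save format (not taken from the poster's system).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5061 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 5061 -j ACCEPT
COMMIT'

# port_exposure PORT (hypothetical helper): reads iptables-save text on stdin
# and prints one line per INPUT ACCEPT rule naming that port:
#   "<proto> <port> <source>"
# Limitations: only single-port --dport matches in the INPUT chain are
# examined; port ranges, multiport matches and rules in chains that INPUT
# jumps to are not followed.
port_exposure() {
  awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" {
      proto = "any"; src = "anywhere"; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "-s") src = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT" && dport == port) print proto, dport, src
    }'
}

# UDP 5061 is open to any source; TCP 5061 is open only to the listed source.
printf '%s\n' "$SAMPLE_RULES" | port_exposure 5061
```

On a live system the same function can be fed from `iptables-save` run as root instead of the sample text.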
March 17, 2023, 11:47am
This is done directly in the GUI under Services, Custom Services tab.
March 27, 2023, 3:48pm
Is there any tool that can simulate a SIP brute force attack?
The security department doesn’t know.