Hello, are hostnames (e.g. location1.domain.com) and IP addresses (64.25.14.1) both allowed in the Intrusion Detection whitelist? Need to always permit the premise phones to access the hosted FPBX v14. Thanks to all…
I use hostnames in that list, but what I’m not sure about is if they get updated if the hostname updates to point to a new address.
Matthew, thanks for your reply/input.
Maybe someone from Sangoma can provide information on the matter.
The way that DNS works might not give you the result you are thinking you want.
When a name resolves (in most applications) you get a single address for the name. If there is more than one address for the name, you have a 50/50 chance of getting the address you are looking for. There are some ways to mitigate this, but (in general) the FQDN will work as well as the IP address, but in some cases, it will give you a false response that may or may not work the way you are expecting.
This is one of the reasons Chan-SIP is being deprecated - once it grabbed an address for a host name, it wouldn’t recheck the name and would lock up if the host disappeared (like if you move from Starbucks to McDonalds with your free WiFi).
I think what @jtuttle is trying to accomplish is to put a dynamic hostname into the intrusion detection portion to allow the public dynamic IP at a location to always be whitelisted.
There are places in the Responsive Firewall and UCP that allow for this with Dynamic Addresses. I’m not sure it will work the way you want it to in the Intrusion Detection portion of the System Admin function, though.
iptables will do a DNS lookup but it will do the lookup when it is started/restarted/stop-start/etc. So if you are using a FQDN for DDNS then if that IP changes and iptables hasn’t been restarted it will continue to only know the other IP for the domain.
1 Like
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.