I mean, outside of using MAC address (which can be spoofed pretty easily or randomized) you basically made the firewall do what it does by default. Block all those unless they are part of trusted networks.
So…good job replicating the default firewall.
I understand your irony.
Then try to block spammers and bots from China and other countries. You will have fun. Actually, if something does not suit you, these are your difficulties. You can use the tools you are used to and there is absolutely no need to idealize them.
On one system where the admin wanted a more open web interface (that is, no whitelisting) I added an ipset filter that only allows US IP ranges, based on the MaxMind GeoIP data. Of course this is kind of ridiculous and hard to maintain because IPv4 is being traded, bought and sold everywhere and ARIN isn’t necessarily keeping up with allocated ranges that are used outside ARIN territory. Nevertheless that’s what we ended up with and it keeps out the majority of non-US traffic.
It is trivial to add this using your own ipset script and putting the filter in the custom rules of the FreePBX firewall. So there is no need to do “either” FreePBX firewall or custom; you can easily do both.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.