I learned that the Firewall module, although Open Source, is not possible to use without licensing.
I want to test the configuration I plan to create, and for that I need to expose FreePBX to the public Internet.
From horror stories I learned about, without Firewall, FreePBX is vulnerable to easy hacking.
Have good perimeter security (don’t let the attackers past your routers).
Note that the main use of firewalling on Asterisk machines is to rate limit password guessing. You still need strong passwords, and to not give provider trunks (which don’t normally support passwords inbound) the ability to make chargeable outbound calls.
If you’re running from a cloud platform, use the cloud firewall, AWS security groups, etc.
Main vulnerability would be configuration access (SSH, HTTP/HTTPS) in my opinion, and to these you can usually apply a narrow filter (IP of your office, for example). Vulnerability of SIP is overstated. You may want to leave SIP ports unfiltered so that mobile clients can connect. That’s ok. Set strong extension passwords and turn off the SIP Anonymous features in Asterisk SIP Settings.
is an easy-to-configure iptables firewall that handles port scanning/flooding detection and a lot more.
Don’t be tempted to use the default UDP:5060 for your extensions transport; way over 99% of all SIP penetrations are on that connection. TLS is much better, and even just using TCP reduces your exposed surface hugely.
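
The advice in the replies above (configuration ports limited to one office address, the SIP port left open but rate limited) can be written as a plain iptables ruleset. This is an added example, not part of the original thread and not FreePBX's own firewall; the function name, the office address, the packet-rate threshold and the chosen SIP transport are assumptions to adapt.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset on stdout.
# It does not modify the running firewall.
# gen_pbx_rules ADMIN_CIDR SIP_PROTO SIP_PORT [RATE]
#   (hypothetical helper; RATE is an assumed per-source packet limit)
gen_pbx_rules() {
    admin_cidr=$1
    sip_proto=$2
    sip_port=$3
    rate=${4:-20/minute}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Throttle each source address on the SIP port. This rule sits ahead of
# the connection-tracking accept so repeated attempts on one flow count.
-A INPUT -p $sip_proto --dport $sip_port -m hashlimit --hashlimit-name sip --hashlimit-mode srcip --hashlimit-above $rate --hashlimit-burst 40 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Configuration access (SSH, HTTP, HTTPS): office address only.
-A INPUT -s $admin_cidr -p tcp -m multiport --dports 22,80,443 -j ACCEPT
# SIP signalling: any source that stayed under the limit.
-A INPUT -p $sip_proto --dport $sip_port -j ACCEPT
# RTP media (default port range in Asterisk rtp.conf).
-A INPUT -p udp --dport 10000:20000 -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (needs root; address is a documentation range):
#   gen_pbx_rules 203.0.113.10/32 tcp 5061 | iptables-restore --test
```

The threshold needs tuning per deployment, since the limit counts every packet to the SIP port and a busy TCP or TLS client sends far more of them than a UDP phone.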