One of the goals of FreePBX 16 is a review and update for FreePBX security settings. Today, a major aspect of that work has been published to edge for FreePBX 14 and 15 Firewall module. These latest changes are mostly the work of @danardf, and you can read his blog post here:
FreePBX historians (if there be such a thing) will recall that it was right around 5 years ago that the FreePBX firewall made its debut. It was the work product of @xrobau and it came shortly after the merger of Schmoozecom and Sangoma. From a security point of view, the Firewall module was a game changer, I can barely remember the good ol’ days when security was largely delegated to an external firewall or trying to bolt-on third party firewall managers.
Today’s edge version marks the next milestone in the Firewall project. There is now tight integration between the Firewall module and fail2ban. Anyone in a position to do so is strongly encouraged to give it a spin and report back with your findings.
If you want to give the changes a try, you can upgrade using
fwconsole ma upgrade sysadmin firewall --edge