I am installing the firewall module on all my systems, but I am not using it. It is in disabled mode. So, if the firewall module is installed but not enabled, would it be possible to use the Intrusion Detection page like it was possible in the system admin module?
I will see that with @lgaetz
As I.D. has been moved into the Firewall tab, there is no tab when the firewall module is disabled indeed.
Please wait for our feedback.
Poll/Vote: that if you have the firewall enabled, it should by default sync the fail2ban data.
(Now you have to go into the settings to enable synchronization)
That is what I was referring to. Even if I still can manually configure fail2ban and iptables, it seems that FreePBX’s intrusion detection features will not work if the firewall module is not installed.
@danardf - One minor note - my first instinct was to enter a comma-delimited list when entering addresses in the “Custom Whitelist” field (like a pjsip match/permit entry).
Suggest at least adding some “enter ip one per line” help text or parse for comma delimited entry.
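One way to implement the second suggestion (accept comma-delimited entries as well as one address per line) is a small tolerant parser. The code below is an added illustration, not the FreePBX firewall module's own code: it assumes the field arrives as a free-form string, splits on newlines, commas, semicolons and whitespace, validates every token with Python's `ipaddress` module (hosts, CIDR ranges and netmask notation), deduplicates, and reports rejected tokens rather than silently dropping them. The sample field contents are constructed.

```python
import ipaddress
import re
from typing import List, Tuple

# Constructed sample of what a user might paste into a "Custom Whitelist"
# field: one-per-line entries, a comma-delimited line (pjsip match/permit
# style), a CIDR range, netmask notation, a duplicate and two bad tokens.
SAMPLE_FIELD = """192.0.2.10
198.51.100.0/24, 203.0.113.5,203.0.113.6
 2001:db8::1 ; 10.0.0.0/255.0.0.0
192.0.2.10
not-an-ip
300.1.1.1
"""

# Any run of whitespace, commas or semicolons counts as a separator.
_SEPARATORS = re.compile(r"[\s,;]+")


def parse_whitelist(text: str) -> Tuple[List[str], List[str]]:
    """Split a free-form whitelist field and validate each token.

    Returns (accepted, rejected). Accepted entries are normalised CIDR
    strings, duplicates removed in first-seen order, so the same value
    pasted twice yields one rule. Rejected tokens are returned so the
    UI can show them to the user instead of discarding them.
    """
    accepted: List[str] = []
    rejected: List[str] = []
    seen = set()
    for token in _SEPARATORS.split(text):
        if not token:
            continue
        try:
            # strict=False tolerates host bits set (e.g. 10.1.2.3/8);
            # dotted netmasks such as 10.0.0.0/255.0.0.0 are accepted too.
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(token)
            continue
        key = net.with_prefixlen
        if key in seen:
            continue
        seen.add(key)
        accepted.append(key)
    return accepted, rejected


def is_whitelisted(addr: str, whitelist: List[str]) -> bool:
    """True if addr falls inside any accepted network (IPv4/IPv6 aware)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in whitelist)


if __name__ == "__main__":
    ok, bad = parse_whitelist(SAMPLE_FIELD)
    print("accepted:", ok)
    print("rejected:", bad)
    print("10.200.3.4 whitelisted?", is_whitelisted("10.200.3.4", ok))
```

Returning the rejected tokens is the important design choice: a whitelist field that quietly ignores a malformed entry leaves the admin believing an address is allowed when it is not, which surfaces later as a lockout rather than as a validation error.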
Geoblocking is still effective. It can reduce log noise by orders of magnitude. Most US soho installs will be fine only allowing north american IPs.
Of course you have to know your audience. Not so great if there is a lot of international travel.
Most importantly, never assume it’s any sort of real security. Geoblocking can be great to reduce log noise, load on fail2ban, etc - but the system needs to be secure without relying on it.
We use DO a lot, a simple “DO native” firewall that includes allows for your UDP/randomport TCP/randomport TCP/5061 and also your various recalcitrant VSPs’ 5060/‘Incoming servers’ and you can watch sngrep all day and all night and never get a bogus INVITE. Try it, you’ll like it
edit:-
Of course you can replace the mentioned firewall with any competent upstream firewall that can ‘do that stuff’. Personally I would be reticent to use the software firewall of the ‘distro’ (which is not available to me anyway as yet) given it has acquired a kinda scary anecdotal reputation of either not starting or arbitrarily stopping/not restarting under certain circumstances, hopefully fixed at the eventual culmination of this thread