Only permitting SIP from remote clients using the correct FQDN?

I was talking with a fellow FreePBX user and he had set up some systems that only permitted remote clients to connect if they used the correct FQDN. If they tried to connect with the direct IP it would be refused. He took off before I could get all the details but mentioned that IPTables was how the restriction was set up.

Anyone know how this might have been accomplished?

The advanced Firewall monitors Dyn addresses?

I only know how to do this on CHAN_SIP.

Settings > Asterisk SIP Settings > Chan SIP Settings

At the bottom of the page, you can add custom values (Other SIP Settings). Add a few new fields and fill them in with:
allowexternaldomains = no
autodomain = yes
domain =
domain =

To be safe, I also added:
alwaysauthreject = yes
(hides the difference between “no user found” and “bad password”, preventing hackers from learning your extension structure)

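An added example, not part of the thread and not Asterisk's own code: a simplified Python model of how a SIP URI host is matched against the domain list that these chan_sip settings build, useful for checking a configuration before relying on it. The host names, addresses and the `local_names` parameter are constructed assumptions; the model assumes, as Asterisk's sample sip.conf describes, that `autodomain` adds the server's own host name and IP to the list.

```python
import re

# Constructed sample of the "Other SIP Settings" fields; the domains are placeholders.
SAMPLE_SETTINGS = """\
allowexternaldomains = no
autodomain = no
domain = pbx.example.com
domain = sip.example.com,from-internal
"""

def parse_settings(text):
    """Return (options dict, list of domains) from 'key = value' lines."""
    options, domains = {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in sip.conf
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "domain":
            if value:                          # an empty domain line adds no entry
                # 'domain = name,context' form: keep only the name
                domains.append(value.split(",", 1)[0].strip().lower())
        else:
            options[key.lower()] = value.lower()
    return options, domains

def uri_host(uri):
    """Host part of a sip:/sips: URI, without user, port or parameters."""
    m = re.match(r"^sips?:(?:[^@]*@)?(\[[^\]]+\]|[^:;>?]+)", uri.strip("<> "), re.I)
    return m.group(1).lower() if m else None

def domain_allowed(uri, settings_text, local_names=()):
    """True if the URI host is in the modelled domain list.

    local_names: the server's own host name and IP addresses (supplied by the
    caller as an assumption); they count only when autodomain = yes.
    """
    options, domains = parse_settings(settings_text)
    allowed = set(domains)
    if options.get("autodomain") == "yes":
        allowed.update(name.lower() for name in local_names)
    if not allowed:
        return True                            # empty list: no domain filtering
    return uri_host(uri) in allowed
```

In this model a request addressed to the bare IP is refused only while that IP is absent from the list, so both `autodomain = yes` and `domain` lines left empty are worth checking.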