Responsive Firewall Question

freepbx
Tags: #<Tag:0x00007f7028253bc8>

(John) #1

I probably don’t understand enough of how the responsive firewall works so I’m sure I’m doing something wrong.

I have my NIC with my public IP setup as an untrusted internet interface.
I have all the protocols disabled in the responsive firewall section.

In order for my external devices to first “register” with the server I have to enable my SIP protocol. Once the device has done it’s initial registration I can go back and disable the protocol and the remote device continue to work even after reboots.

If I move the device to a different location I have to repeat the previous steps for it to register.

If I leave the protocol enabled all the time I get a lot of anonymous sip connections (which is dropped by freepbx but it’s showing up in the logs and I’m trying to keep everything clean)


(Lorne Gaetz) #2

What’s the question?

The responsive feature works by allowing a limited amount of untrusted traffic thru to Asterisk, which by design means you will have log entries for this. If you don’t want that, then the alternative is to white list the allowable IPs in advance on the Networks tab.


(John) #3

Thanks Lorne,
So I’m guessing the behavior of allowing the SIP protocol and then seeing a few log entries every now and then of unsolicited traffic is the expected behavior?


(Lorne Gaetz) #4

Yes. Disable Allow Guests and Allow Anon in Asterisk SIP Settings, and your logs will be as quiet as they can be, but you will see untrusted traffic initially until the Firewall blocks them.


(system) closed #5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.