Routing and DHCP

Warning: Noob Question

We are currently using primarily Polycom VOIP phones throughout our facility. We would like to restrict or eliminate any web surfing availability within FreePBX. As they are now, it is possible to take an Ethernet cable from the LAN port on a Polycom phone and get direct access to the Internet with it. Is there a way to prevent that from happening like through the Firewall mod?
Also with respect to the DHCP server module, we currently have our system setup that the phones get their provisioning (through tftp) and DHCP configurations from a separate server. All of the provisioning itself is hosted on the FreePBX box however. If I enable the DHCP server mod on the FreePBX and disable this on the other server, can I expect it to just kick in?


Just disable the pc/lan port either locally on the phone or in the provisioning file

I should’ve thought of that…
That will cover most of our phones, but at least at the moment we need to provide Internet through some of these phones as that’s the only network available there…

I believe that a local configuration setting on the phone itself would override a provisioned one.

But again that will leave the phone open to unfiltered internet.

That’s purely a network topology thing, you can apply vlan tagging to the phone and or the pass through port though. You will of course always need an effective firewall policy on any points of ingress.

1 Like

Sorry it’s been awhile, had other things to attend to…
So that’s part of my question. I’m not very familiar with the way the firewall is set up in FreePBX. I’ve seen some information about the IPtables and I know there’s the Firewall mod in the GUI. How do I go about setting up a comprehensive Firewall policy within FreePBX?
Also, I reiterate my question about the DHCP config. The provisioning is located on the FreePBX server, but I don’t see any way, within the GUI at least, to provide configuration to point the phones in that direction. Is it something that will be determined automatically, or is this service something that has more to do with the CentOS environment which the the FreePBX resides on?

Sorry I can’t help with the distro firewall as I don’t use it.

DHCP services need to provide the network location tof it’'sprovisioning to the phones, usually on option 66 or 150

VLAN provisioning for the phone depends on the phone. perhaps LLDP sometimes in the first config file asked fo