SkykingOH, Thank you so much for your valuable pointer to the feature already available in Asterisk.
I believe it helps the entire community, especially newbies, to let everyone know some of the very real security risks (one of the primary reasons I started this thread); and also some of the things that should be done to address the security issues.
Now some might say that if anyone does not completely understand the security issues, then they have no business playing around with Asterisk, but I think the concept of Asterisk being able to be used by the maximum number of people is a great idea. I suspect that is perhaps the philosophy of the founders of FreeePBX, and I thank them.
The issue I seem to be running into is that since FreePBX wipes out existing settings in many Asterisk conf file every time the administrator makes changes via the FreePBX GUI, therefore having these “permit/deny” security settings absent from the SIP set-up page, it means that even if one completely knows the syntax, then one has to choose not to use FreePBX for configuring SIP if one wants to use “permit/deny”. FreePBX might even wipe out “permit/deny” settings manually entered even when FreePBX is being used to modify for other settings.
To your point “If you install the application in a secure environment none of this is an issue”, I think that to be in a “secure environment”, one would have to have no access between the Internet and the Asterisk box. The problem is when one wants to have some access but have it secure. The more access one wants, the less secure the environment is, right?
As I said earlier in this thread, I have now completely locked out SIP port 5060 at the DSL-router level, so I believe I do now have a “secure environment”, but others might want to have more access, such as allowing others to “dial in” via SIP, remote extensions, and the like.
And, since it seems someone has already done the work in Patch 932, it might actually be less “cycles” for the more advanced people to simply include the work already done, so others (like me) don’t run into this problem then ask about it.
In summary, thank you so much for taking the time to point me (and anyone else reading this thread) in the right direction. It makes the Asterisk experience better for all honest people.