SIP Trunk Security

Hi all,

I am looking for a little direction here. I have a FreePBX 2.9 deployed to a server in a data center (lets call it a cloud setup). I have it locked down reasonably tight with CSF and all extensions have at least 16 character secrets.

It is working quite nicely but I am getting someone trying to connect via the SIP trunk. To be able to accept incoming calls through the SIP trunk I have the “Allow Anonymous Inbound SIP Calls?” set to yes.

We only have the one SIP trunk (Pennytel) so I would like to know if I can lock down FreePBX to allow incoming SIP trunk traffic to a specific IP?

I was thinking of doing this with CSF but it would block connections from the SIP client on my mobile which has a dynamic IP, which I don’t want. All other extensions have static IP’s so I can use CSF for that.

If anyone else has an alternative recommendation then I am all ears. :slight_smile:

Thanks in advance.

Just to clarify, I am looking to see if I can lock down incoming traffic on the SIP trunk only to come from a specified IP. This restriction should be performed by FreePBX so as to not disrupt extension connections with dynamic IP’s. I will control all other blocking with CSF.

Hope that’s a bit clearer. :slight_smile: Amazing what a reread does. lol


You can setup IPtables (the Linux firewall) to drop all packets on 5060 except those from Pennytel’s IP.

A quick Google search should provide the direction you need.