I have a FreePBX 14 distro install with the built-in firewall enabled. There is only one interface on the server which is directly connected to the Internet and it is set as “Internet (Default Firewall)”. I have limited trusted networks setup.
The SSH service is set for “Local” only, but I can access it from outside the trusted networks I have setup.
The HTTP and HTTPS services are also set for “Local” only but those are both inaccessible from outside my trusted networks.
Thanks for your replies. Yes, I did “Apply Config”. There were some other updates in the meantime that I have applied and I just checked now and SSH appears to be getting blocked from outside properly now. I also haven’t received a bunch of “SSH IP Banned” e-mails from Fail2Ban, so I think it is all good now.