System Admin Network Intrusion Monitoring

I am trying to confirm as to whether the white list in FreePBX covers SSH in addition to the FreePBX GUI?

Presumably,, and any external IP’s would need to be whitelisted. Is there anything else that would need adding, presuming the whitelist in the GUI can handle SSH, to ensure I am not locked out when I am away?

If the System Admin Whitelist does not cover SSH, how can I whitelist without the whitelist rules I add being written over by the module?


This is a front-end for the fail2ban application - you might want to research that a bit more in depth. I have a lot of custom stuff done with fail2ban and iptables that hasn’t been overridden by this module so I think you’re safe there. The CLI is much better for managing this anyway, though, IMHO.

Actually and perhaps counter-intuitively, you should not whitelist (ignoreip in fail2ban talk) your external IP in the Asterisk jail ( but you probably should blacklist it) .

Likely no legitimate SIP connections will originate from that address, but many spoofed connections will appear to come from it (These guys might be a**sholes, but many are cleverer than we are :wink: )

@dicko You’re the cleverest a-hole I know. <3