I am trying to confirm as to whether the white list in FreePBX covers SSH in addition to the FreePBX GUI?
Presumably, 127.0.0.1, 192.168.1.0/24 and any external IP’s would need to be whitelisted. Is there anything else that would need adding, presuming the whitelist in the GUI can handle SSH, to ensure I am not locked out when I am away?
If the System Admin Whitelist does not cover SSH, how can I whitelist without the whitelist rules I add being written over by the module?
This is a front-end for the fail2ban application - you might want to research that a bit more in depth. I have a lot of custom stuff done with fail2ban and iptables that hasn’t been overridden by this module so I think you’re safe there. The CLI is much better for managing this anyway, though, IMHO.
Actually and perhaps counter-intuitively, you should not whitelist (ignoreip in fail2ban talk) your external IP in the Asterisk jail ( but you probably should blacklist it) .
Likely no legitimate SIP connections will originate from that address, but many spoofed connections will appear to come from it (These guys might be a**sholes, but many are cleverer than we are )