I have a VPS hosted FreePBX server, and I am testing out a different SIP trunk provider. Doing so has forced me to change the SIP port to the standard 5060. I started seeing call attempts from non-existent extensions to international numbers. The calls weren’t able to complete, but they are filling my logs and CDRs with junk. I have disabled my responsive firewall for my PJSIP traffic. I have added my local static IP to the networks tab as trusted for my phones. They register and work just fine. However, watching my SIP logs, I constantly keep seeing invites trying to place calls from extensions I do not have on my PBX. I added the source IPs to the blacklist in the firewall settings and I have restarted Asterisk, and it seems like it hasn’t made a difference. Those same IPs I have blocked still persist with attempts. Under services, I have changed my SIP protocol to Local only as well. Under SIP settings, I have disabled both Allow Anonymous Inbound SIP Calls and Allow SIP Guests. I’m not sure if I am missing something in the firewall to prevent these attempts. I have my intrusion detection [fail2ban] running and I increased those restrictions too.
Can someone help me identify what I am missing to help tighten security?
Also, whitelist your providers and blacklist everything else. Even if you end up not using them, their servers should be reliably locked down to prevent them from connecting to your server.
Generally this is not required, as the PBX firewall will white list your signalling hosts automagically. The exception is to white list whatever you add to the Match field for PJSIP trunks.
An ambitious project to be sure, but perhaps slightly more work than necessary on a deny by default firewall.
I don’t understand the question. At present, entries on the Match field are not added to Firewall automatically. The linked ticket requests this be added.
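An added example, not part of the thread and not FreePBX's own code: a small Python check for the symptom in the original question, where blacklisted IPs keep showing up in the SIP log. It tallies rejected INVITEs per source and flags any source that is on the blacklist yet still reaches Asterisk. The log lines are constructed samples modelled on the PJSIP "No matching endpoint found" notice, and the trusted network and blacklist values are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines (documentation IP ranges), not taken from a real PBX.
SAMPLE_LOG = """\
[2024-01-10 03:14:07] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"7001" <sip:7001@192.0.2.10>' failed for '203.0.113.45:5071' (callid: c1) - No matching endpoint found
[2024-01-10 03:14:09] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"9000" <sip:9000@192.0.2.10>' failed for '203.0.113.45:5071' (callid: c2) - No matching endpoint found
[2024-01-10 03:15:30] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.23:5060' (callid: c3) - No matching endpoint found
[2024-01-10 03:16:02] NOTICE[2211] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"215" <sip:215@192.0.2.10>' failed for '192.0.2.50:5060' (callid: c4) - No matching endpoint found
[2024-01-10 03:16:05] VERBOSE[2300] pbx.c: unrelated line that must be ignored
"""

# IPv4 sources only; captures the SIP method, the From user and the source IP.
FAILED = re.compile(
    r"Request '(?P<method>\w+)' from '[^']*<sip:(?P<user>[^@>]+)@[^']*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+'"
)

def summarize(log_text, trusted, blacklist):
    """Count rejected INVITEs per source IP and classify each source."""
    nets = [ip_network(n) for n in trusted]
    hits, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m["method"] != "INVITE":
            continue
        hits[m["ip"]] += 1
        users.setdefault(m["ip"], set()).add(m["user"])
    report = {}
    for ip, count in hits.items():
        if any(ip_address(ip) in n for n in nets):
            status = "trusted"
        elif ip in blacklist:
            # Asterisk logged it, so the packet was not dropped by the firewall.
            status = "blacklisted-but-still-reaching-asterisk"
        else:
            status = "unlisted"
        report[ip] = {"count": count, "users": sorted(users[ip]), "status": status}
    return report

if __name__ == "__main__":
    # Hypothetical trusted network and blacklist entries.
    result = summarize(SAMPLE_LOG, ["192.0.2.0/24"], {"203.0.113.45"})
    for ip, info in sorted(result.items(), key=lambda kv: -kv[1]["count"]):
        print(ip, info["count"], info["status"], ",".join(info["users"]))
```

Any source reported as blacklisted but still reaching Asterisk shows that the firewall rule is not being applied to that traffic, which is the place to look before tuning fail2ban further.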