What should I do before I expose the Server to the Internet?

My GF and friends should be able to connect to my PBX but not have access to the rest of the network, so a VPN is out of the question. My router supports geo-blocking, so I block all traffic from countries I am not in.
What should I do on the server to prevent someone from abusing it?

It is best not to expose it to the internet, truly.

  • Change the PJSIP port (5060) to a non-standard port.
  • Change the RTP ports (10000-20000) to a non-standard range.
  • Turn on responsive firewall
  • Increase Fail2Ban time

Thanks for the reply. Does it mean it is changed for all devices too?
That would mean I have to reprogram many other devices.
Maybe I can do that in the router itself.

A VPN doesn’t have to be routable to the rest of the LAN.
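
A sketch of the point in the last reply, added here as an example and not posted by anyone in the thread: on the VPN gateway, forwarding from the VPN interface is limited to the PBX's SIP and RTP ports and everything else toward the LAN is dropped. The interface name `wg0` and the PBX address `192.0.2.10` are placeholders; the ports are the defaults mentioned above.

```nftables
# Added example: restrict VPN clients to the PBX only.
# Assumptions (not from the thread): VPN interface is "wg0",
# PBX address is the placeholder 192.0.2.10.
define VPN_IF = "wg0"
define PBX    = 192.0.2.10

table inet vpn_pbx {
    chain forward {
        # Leave non-VPN forwarding alone; only VPN ingress is filtered here.
        type filter hook forward priority 0; policy accept;

        # Replies belonging to flows that were already permitted.
        iifname $VPN_IF ct state established,related accept

        # SIP signalling to the PBX (default PJSIP port from the thread).
        iifname $VPN_IF ip daddr $PBX udp dport 5060 accept

        # RTP media to the PBX (default range from the thread).
        iifname $VPN_IF ip daddr $PBX udp dport 10000-20000 accept

        # Anything else from VPN clients never reaches the LAN;
        # the counter shows whether clients are probing other hosts.
        iifname $VPN_IF counter drop
    }
}
```

The restriction has to live on the gateway like this, because a route list configured on the client side can be changed by the client.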