What's the difference between "Intrusion Detection" and "Responsive Firewall"?

What’s the practical difference between what each one does? Also, why are there separate options to declare trusted/local networks in intrusion detection, firewall, and even SIP settings… aren’t they for the most part the same (with additions maybe for remote offices)?
Thanks.

1 Like

Intrusion detection is fail2ban, which is a service that monitors PBX log files for evidence of suspicious activity, and writes iptables rules to block hosts AFTER the IP has logged intrusion attempts in the various log files on the system. It is not limited to Asterisk; it also monitors Apache, ssh, ftp, and other services’ log files.

Responsive Firewall is described on this page:
https://wiki.freepbx.org/display/FPG/Responsive+Firewall
It doesn’t rely on any log activity; it monitors live inbound VoIP packets (and only VoIP) and compares them to a white list. If the inbound packet is not from a white-listed host, it will accept enough packets for the host to register to Asterisk, and thereby get added to the white list. If not, it will add the host to a black list.

2 Likes
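The two models described in the answer above, side by side, as an added sketch that is not part of the original post and is not fail2ban or FreePBX code. The log lines are constructed samples in the style of Asterisk registration failures, and `maxretry=3` and `budget=5` are assumed thresholds chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Asterisk registration failures.
SAMPLE_LOG = [
    "NOTICE chan_sip.c: Registration from '<sip:100@pbx>' failed for '203.0.113.5:5060' - Wrong password",
    "NOTICE chan_sip.c: Registration from '<sip:101@pbx>' failed for '203.0.113.5:5060' - Wrong password",
    "VERBOSE pbx.c: Executing [s@from-internal:1] NoOp",
    "NOTICE chan_sip.c: Registration from '<sip:200@pbx>' failed for '198.51.100.7:5060' - Wrong password",
    "NOTICE chan_sip.c: Registration from '<sip:102@pbx>' failed for '203.0.113.5:5060' - Wrong password",
]
FAILED = re.compile(r"failed for '(\d{1,3}(?:\.\d{1,3}){3})")

def log_based_bans(lines, maxretry=3):
    """Log-driven model: a host is banned only AFTER maxretry failures are logged."""
    failures, banned = Counter(), []
    for line in lines:
        m = FAILED.search(line)
        if m:
            ip = m.group(1)
            failures[ip] += 1
            if failures[ip] == maxretry:   # ban once, when the threshold is reached
                banned.append(ip)
    return banned

class ResponsiveGate:
    """Packet-driven model: unknown hosts get a small packet budget to register."""
    def __init__(self, whitelist, budget=5):
        self.whitelist = set(whitelist)
        self.blacklist = set()
        self.budget = budget               # assumed value, not a FreePBX default
        self.seen = Counter()

    def packet(self, ip, registers_ok=False):
        if ip in self.whitelist:
            return "accept"
        if ip in self.blacklist:
            return "drop"
        self.seen[ip] += 1
        if registers_ok:                   # successful registration earns trust
            self.whitelist.add(ip)
            return "accept"
        if self.seen[ip] > self.budget:    # budget spent without registering
            self.blacklist.add(ip)
            return "drop"
        return "accept"
```

The first function needs the service to have processed and logged each failed attempt before it can act; the second decides per packet, before anything reaches a log.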

That clears it up. Thanks for the info. Much appreciated.

1 Like
