  1. FreePBX
  2. FREEPBX-23441

Enable Responsive Firewall by Port, not just Chan

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 13, 14, 15
    • Fix Version/s: None
    • Component/s: Firewall
    • Labels:
      None
    • Asterisk Version:
      All
    • Distro Version:
      12.7.8-2203-2.sng7
    • Distro:
      FreePBX Distro

      Description

      Hello,

      Our end-users/handsets communicate with Asterisk on a non-standard TLS port.  Only Trunks use SIP/UDP/5060.

      Responsive Firewall sees near-constant probing/attacking on SIP/UDP/5060.  It sees almost nothing on the non-standard TLS port.

      I would like to enable Responsive Firewall on TLS only and disable it on SIP/UDP/5060.  That way, SIP/UDP/5060 will be locked to the known Trunk peers, avoiding all of this probing/attacking, and only TLS will be available for probing/attacking, which it sees very little of anyway, improving security tremendously.

      Right now, Responsive Firewall is enabled by Chan type.  Allowing it to be enabled by transport would allow this to happen and allow us to block many attacks/probes outright.

      Thanks,

      Dave

              People

              • Assignee:
                Unassigned
                Reporter:
                david.sovereen@mercury.net David Sovereen
              • Votes:
                0
                Watchers:
                2