[FREEPBX-7576] Implement OS-based firewalling to protect iSymphony module - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Not an issue
Affects Version/s: None
Fix Version/s: None
Component/s: FreePBX Distro
Labels:
- security
- vulnerability

ToDo:

Description

Official iSymphony security advisory says that OS-based firewall protection of ports 50001-50003 should be implemented.
Default installation of FreePBX distro does not implement this protection, leaving vulnerable ports open.
Please see:
http://docs.getisymphony.com/display/SEC/Security+Advisory+2012-09-13

Fix is to add following rules to iptables config:

iptables -A INPUT -p tcp --dport 50001 -j DROP
iptables -A INPUT -p tcp --dport 50002 -j DROP
iptables -A INPUT -p tcp --dport 50003 -j DROP

Gliffy Diagrams

Attachments

Activity

People

Assignee:

Tony Lewis

Reporter:

varnav

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

10/May/14 2:29 PM

Updated:

15/Nov/18 8:33 PM

Resolved:

11/May/14 12:16 PM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.