@adolfoc wrote:
Background:
I'm using FreePBX 13, and I have the firewall module installed.
I have FreePBX in a hosted VMS environment.
I have the Responsive Firewall disabled, and have whitelisted the IPs where my phones and SIP trunks are located.
Filter Type is set to reject.I also have the Intrusion Detection module running with a max retry of 1, find time of 600, and ban time of 86400.
However in watching the asterisk console in realtime, I see several attempts from IPs ("Friendly scanners") trying to make SIP connections. Fail2ban IDS does not seem to ban these IPs, nor does the Firewall block attacker or Rate Limited Host.
Question:
Since I'm running both Intrusion Detection and the Firewall... what is the best way to block a known offending IP Host?Can I insert an iptables entry "iptables -A INPUT -s [badhostIP] -j DROP" ?
Does putting the host in the Firewall Blacklist Zone work, even though I'm not using a responsive firewall?
(or is the Blacklist Zone ignored unless you use a responsive firewall?)Should I change my Firewall filter type to DROP instead of REJECT?
Posts: 1
Participants: 1