Configure the FreePBX Smart Firewall


  • Service Provider

    The next thing is the new responsive firewall. I recommend enabling this with all the defaults.
    0_1474923301228_upload-436a3b72-5d8e-41bc-9df1-bad3962d9c5f
    0_1474923401521_upload-475ba9cb-8685-422c-99cb-78a4bc8e61fa

    Mostly this is clicking next through the wizard process.
    0_1474923674720_upload-14848edc-6a65-4ec9-b603-874b1abd2a03

    Note that is says to make your current client trusted. If you are on an ever changing network, you can later add a DNS entry with a DDNS name. So say yes for now.
    0_1474923804695_upload-650ee5b9-9254-4111-8dd1-4a035fedfe23

    I would not add a remote network as trusted.
    0_1474924046501_upload-855a4973-873f-42d5-aa35-4b3cde0b9687

    Enable the responsive firewall. This basically adds fail2ban capability to SIP login attempts.
    0_1474924117993_upload-6978db2c-de29-41a2-b8be-f5802e474eb4

    Let it update the SIP settings in Asterisk.
    0_1474924174482_upload-fc9bc6b6-9ad8-4d69-94ee-a50cc89943f7

    You are all done. Click not now to their SIPStation offer, well unless you want it.
    0_1474924242013_upload-8b05d509-3654-44d5-8766-c3ac281868d1

    At this point you will be presented with the main FreePBX dashboard.
    0_1474924348348_upload-bc8f570d-d638-4859-8e33-784f1646f0b5

    You should notice right away that there is a big X on the firewall status. Mouse over tells you why. Your interface (i.e. eth0) is listed as trusted. This is a bad thing generally.
    0_1474924576578_upload-87794e1b-3ebc-42c6-9d7a-16595593e35c

    Go to Connectivity -> Firewall to get this straightened out.
    0_1474924630685_upload-7f71dffb-4459-4ef0-8b9c-2550b57b37f3

    Click on Zones in the right hand sub menu.
    0_1474924724755_upload-0b6694c6-a0f7-457d-8b31-676cf7691be0

    Take a minute to read what each of the zones is designed for and then click on the Interfaces tab.
    0_1474924785380_upload-0184f50d-f5a4-4f33-89e8-61ff83c2624d

    Here you can see the interface is listed as trusted and that it was setup in order for you to finish the install. Click on External and then click on the green checkmark to save the change.
    0_1474925018916_upload-6d414ca0-a75a-4047-9877-0a449bde1faf

    Next click on the networks tab and you can see the IP you allowed to be trusted earlier. Add your DDNS name here if you have a dynamic IP and click the green plus. Then remove the IP address by clicking the red X. If you have nay other networks you want trusted, you can add them at this time.
    0_1474925164045_upload-c8b67ede-cf96-40eb-88ef-4b0efdbb349f

    Go back to the Dashboard and the Firewall Configuration status should now be a green checkmark.
    0_1474925929541_upload-9dfadbae-ea98-4086-82bd-99f401aeccf7

    Part of the FreePBX 13 Setup Guide


  • Service Provider

    The last step there, "Networks" is still functionally the same, but the GUI has been updated.
    0_1497720411597_26d90ab5-694d-4265-8cdc-3857472d3911-image.png

    0_1497720454881_734d9d26-9ecc-47f3-ab3e-e0dbc5ab2657-image.png



Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.