Configure the FreePBX Smart Firewall
The next thing is the new responsive firewall. I recommend enabling this with all the defaults.
Mostly this is clicking next through the wizard process.
Note that is says to make your current client trusted. If you are on an ever changing network, you can later add a DNS entry with a DDNS name. So say yes for now.
I would not add a remote network as trusted.
Enable the responsive firewall. This basically adds
fail2bancapability to SIP login attempts.
Let it update the SIP settings in Asterisk.
You are all done. Click not now to their SIPStation offer, well unless you want it.
At this point you will be presented with the main FreePBX dashboard.
You should notice right away that there is a big X on the firewall status. Mouse over tells you why. Your interface (i.e. eth0) is listed as trusted. This is a bad thing generally.
Go to Connectivity -> Firewall to get this straightened out.
Click on Zones in the right hand sub menu.
Take a minute to read what each of the zones is designed for and then click on the Interfaces tab.
Here you can see the interface is listed as trusted and that it was setup in order for you to finish the install. Click on External and then click on the green checkmark to save the change.
Next click on the networks tab and you can see the IP you allowed to be trusted earlier. Add your DDNS name here if you have a dynamic IP and click the green plus. Then remove the IP address by clicking the red X. If you have nay other networks you want trusted, you can add them at this time.
Go back to the Dashboard and the Firewall Configuration status should now be a green checkmark.
Part of the FreePBX 13 Setup Guide
The last step there, "Networks" is still functionally the same, but the GUI has been updated.