ANYONE USING VULTR FIREWALL WITH FREEPBX
-
I was just curious for those using FreePBX on Vultr are you using the external firewall or just the FreePBX firewall or both?
I have been using both and like having the additional lockdown on my system, but it can also be a pain since I basically need to add two entries every time I want to add another location I want to connect phones.
-
@syko24 What is the point?
-
@jaredbusch said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
@syko24 What is the point?
That's my opinion, too. What would it add?
-
@syko24 said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
I have been using both and like having the additional lockdown on my system, but it can also be a pain since I basically need to add two entries every time I want to add another location I want to connect phones.
What's the additional security aspect here? I get the "fail open" risk, but that's pretty trivial.
-
@JaredBusch @scottalanmiller - I see your point. I kind of thought that using the Vultr firewall would help prevent someone beating on the server from the outside.
-
@syko24 said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
@JaredBusch @scottalanmiller - I see your point. I kind of thought that using the Vultr firewall would help prevent someone beating on the server from the outside.
Not if the Vultr firewall matches the FreePBX firewall. Basically, if the port is blocked, beating on it does nothing. If the port is open, it'll pass through both firewalls instantly.
-
@scottalanmiller - I guess you're right. So really what would be an ideal use case for the Vultr firewall. Windows VM?
-
@syko24 said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
@scottalanmiller - I guess you're right. So really what would be an ideal use case for the Vultr firewall. Windows VM?
That exists for when you want to build a LAN behind it, it's not for stand alone servers.
-
Example, you have ten servers including databases, application servers, proxies, etc. And you only want the proxies exposed to the Internet, not the other machines. But they need to be exposed to each other. So the firewall exists to ensure that traffic cannot get to them, even though their own firewalls cannot close all of those ports because they need to see traffic from your "Vultr LAN."
-
@scottalanmiller said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
Example, you have ten servers including databases, application servers, proxies, etc. And you only want the proxies exposed to the Internet, not the other machines. But they need to be exposed to each other. So the firewall exists to ensure that traffic cannot get to them, even though their own firewalls cannot close all of those ports because they need to see traffic from your "Vultr LAN."
Makes sense, most setups I have done on Vultr have been single server setups - FreePBX or NextCloud. I haven't really built out a full network of systems on their platform.
-
@syko24 said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
@scottalanmiller said in ANYONE USING VULTR FIREWALL WITH FREEPBX:
Example, you have ten servers including databases, application servers, proxies, etc. And you only want the proxies exposed to the Internet, not the other machines. But they need to be exposed to each other. So the firewall exists to ensure that traffic cannot get to them, even though their own firewalls cannot close all of those ports because they need to see traffic from your "Vultr LAN."
Makes sense, most setups I have done on Vultr have been single server setups - FreePBX or NextCloud. I haven't really built out a full network of systems on their platform.
Not many have as there weren't firewall options before ;)
