The ultimate aim here is to lock down FreePBX so that it’s safe to tie into an external VOIP service where we can associate a number with it and allow contact through it.
There are a few practices that need to be considered like
- not allowing guest connections
- only authorised traffic through verified trunks
- if possible, only open up the SIP port externally to the VOIP provider
- fail2ban for unauthorised traffic/multiple attempted login attempts
- both for SIP and SSH (though don’t open up SSH to the outside)
This can usually be installed through the OS package manager, but since there’s a dedicated command for it on FreePBX, I’m assuming it’ll have some additional settings related to the PBX and not just SSH.
As root, run
Installing Fail2Ban for Asterisk
Configuration by Razvan Turtureanu
Installer script by Gernot Bauer
Please read the documentation at http://raspbx.org/fail2ban
Send notifications to email address (leave empty for no notifications):
I don’t have mail settings configured at the moment, but I’ve put in my e-mail address for future use.
Once installed, I’m presented with
Your configuration has been saved successfully to these files:
Please be aware that this configuration only works if you have allowguest=no
in your sip.conf file. To configure this in FreePBX, go to Asterisk SIP
Settings and set Allow SIP Guests to No.
A good practice is to also add the setting
in Other SIP Settings on the Asterisk SIP Settings page.
sip.conf seems to be located at
/etc/asterisk/sip.conf, but I’m not seeing
allowguest parameter. I’m also not sure if this should be edited or if it
needs to be done from the FreePBX GUI.
The GUI equivalent is at Settings > SIP Settings > Security Settings >
Allow SIP Guests. I’ve turned this off for now, so let’s see how that goes.
#sip #telephony #freepbx