DLS Posted January 15, 2012

Hi,

Following on from getting a number of external blocked IPs that I can't explain, I'm looking to lock down our PBX as much as possible. I have outbound proxy addresses in place for all trunks, limited inbound access on the trunks to our ITSP's address, and am locking accounts to fixed IPs for the phones.

What I can't work out is how to block access to the PBX so that anything outside our local subnet and the trunks has no access. I've set the access to allow for 192.168.x.0/24 to allow, but unsure what to do to block all others. I'm assuming something like 0.0.0.0/0 but not 100% sure and didn't want to lock myself out of the PBX!

Cheers
Andrew

Vodia PBX Posted January 16, 2012

The way the PBX processes the list is by the netmask. It searches the more special entries first. So if you specify a /0 netmask, this entry is processed last. So if you want to blacklist everything as a general rule, that's fine. Just make sure that the subnet where you are coming from is already there when you add the general rule. If you screw it up, you can still go to the file system, remove the last added rule and restart the system.

DLS Posted January 16, 2012

Thanks - so I've added the following:

0.0.0.0/0 - Block
192.168.x.0/24 - Allow (where x is our subnet)

Hopefully this will be the last we see of hacking attempts!

Cheers,
Andrew

snomuk Posted January 16, 2012

Hi Andrew

I suggest adding an allow on localhost too so you can access the web interface from the machine itself.

127.0.0.1/32
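
The most-specific-first matching described in the Vodia reply, as an added example that is not part of the thread and not Vodia's code: a Python model that sorts rules by prefix length and reports which addresses a new rule would lock out before it is added. The subnet 192.168.1.0/24 (standing in for 192.168.x.0/24), the test addresses, and allowing traffic when no rule matches are assumptions.

```python
import ipaddress

# Constructed rule list modelled on the thread. 192.168.1.0/24 stands in for
# the poster's "192.168.x.0/24"; it is an assumption, not a value from the page.
RULES = [
    ("0.0.0.0/0", "block"),
    ("192.168.1.0/24", "allow"),
    ("127.0.0.1/32", "allow"),
]


def ordered(rules):
    """Parse CIDR strings and sort most specific (longest prefix) first,
    so the order in which rules were entered does not matter."""
    parsed = [(ipaddress.ip_network(cidr), action) for cidr, action in rules]
    return sorted(parsed, key=lambda rule: rule[0].prefixlen, reverse=True)


def decide(rules, source_ip, default="allow"):
    """Return the action of the most specific rule containing source_ip.
    `default` (an assumption) applies when no rule matches at all."""
    addr = ipaddress.ip_address(source_ip)
    for network, action in ordered(rules):
        if addr in network:
            return action
    return default


def locked_out_by(rules, new_rule, must_reach):
    """List the addresses in must_reach that would no longer be allowed
    if new_rule were added to rules. Empty list means safe to add."""
    candidate = list(rules) + [new_rule]
    return [ip for ip in must_reach if decide(candidate, ip) != "allow"]


if __name__ == "__main__":
    catch_all = ("0.0.0.0/0", "block")
    admin_hosts = ["192.168.1.50", "127.0.0.1"]  # constructed sample addresses
    # Adding the catch-all with only the LAN rule present loses localhost.
    print(locked_out_by([("192.168.1.0/24", "allow")], catch_all, admin_hosts))
    # With the full list from the thread, both admin paths stay reachable.
    print([decide(RULES, ip) for ip in admin_hosts + ["203.0.113.10"]])
```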