My VitalPBX is receiving registration requests from IP addresses that are within countries that are not allowed by the add-on. Why is this possible?
Shouldn’t the GEOFIREWALL be blocking such attempts when connection to VitalPBX is attempted.
My regular firewall (FAIL2BAN) is blocking an average of 50 addresses a day
The GEO firewall will drastically reduce the number of attacks on your server blocking IPs from different countries; this will also help to alleviate the server load because Asterisk doesn’t receive those attacks.
Unfortunately, due to the high frequency of IP updates worldwide, it is impossible to have a database with the 100% of IPs of all the countries.
Recommendations:
Keep your server up to date. Almost on every update, the GEO Firewall IP addresses are updated.
Configure the APIBan. Adding your APIBAN key in the file “/etc/vitalpbx/firewall.conf” will enable an extra layer of security that will protect you from known attackers.
Thanks Miguel, but I still would like to know where in the call flow GEOFIREWALL works- before registration request or before call processing. I am using fail2ban and it is jail,ing about 100 IPs per day.
Please explain your comment Adding your APIBAN key in the file “/etc/vitalpbx/firewall.conf ” will enable an extra layer of security that will protect you from known attackers.
I too would like to know more about the APIBAN key, as I have never seen this mentioned before. None of my servers have this setting, are they at risk ?
Firewall: now, it is possible to enable the APIBAN blacklist as part of the Firewall. To activate it, you must add your APIBAN key in the file “/etc/vitalpbx/firewall.conf.” To get your APIBAN key, you must go to “apiban.org.”