GEOFIREWALL ADD ON

Reporting an Issue
1

My VitalPBX is receiving registration requests from IP addresses that are within countries that are not allowed by the add-on. Why is this possible?
Shouldn’t the GEOFIREWALL be blocking such attempts when connection to VitalPBX is attempted.

My regular firewall (FAIL2BAN) is blocking an average of 50 addresses a day

2

Which version of VitalPBX are you using?

Can you please share the GEO firewall config?

3

4.0.1-1 Geo Firewall
VitalPBX Starter 4.0.3-1
Asterisk 18.16.0-1

4

Facts:

  • The GEO firewall will drastically reduce the number of attacks on your server blocking IPs from different countries; this will also help to alleviate the server load because Asterisk doesn’t receive those attacks.
  • Unfortunately, due to the high frequency of IP updates worldwide, it is impossible to have a database with the 100% of IPs of all the countries.

Recommendations:

  • Keep your server up to date. Almost on every update, the GEO Firewall IP addresses are updated.
  • Configure the APIBan. Adding your APIBAN key in the file “/etc/vitalpbx/firewall.conf” will enable an extra layer of security that will protect you from known attackers.
2 Likes
5

Thanks Miguel, but I still would like to know where in the call flow GEOFIREWALL works- before registration request or before call processing. I am using fail2ban and it is jail,ing about 100 IPs per day.

Please explain your comment Adding your APIBAN key in the file “/etc/vitalpbx/firewall.conf ” will enable an extra layer of security that will protect you from known attackers.

6

I too would like to know more about the APIBAN key, as I have never seen this mentioned before. None of my servers have this setting, are they at risk ?

7

From VitalPBX 3

Firewall: now, it is possible to enable the APIBAN blacklist as part of the Firewall. To activate it, you must add your APIBAN key in the file “/etc/vitalpbx/firewall.conf.” To get your APIBAN key, you must go to “apiban.org.”