...
You can always fully trust some networks. The installed firewall will never perform filtering for them (in/out).
Edit Edit /etc/voipnow/local.conf
and and uncomment the TRUSTED_NET variable, replacing its value with your local network IP and netmask:
Shell |
---|
# Access from these networks is always allowed (eg: TRUSTED_NET 10.10.34.12/32 10.10.33.1/24) # TRUSTED_NET NETWORK/MASK |
Shell |
---|
# Access from these networks is always allowed (eg: TRUSTED_NET 10.10.34.12/32 10.10.33.1/24) TRUSTED_NET 172.16.100.1/24 |
...
- save your existing firewall rules into a temporary file (
/tmp/iptables.20650
in in the above example) - inspect the VoipNow Cloud Management for roles assigned to this role
- attempt to detect ports used by each role and apply the corresponding firewall rules
- install a "safety net" consisting of a cron job which does a firewall flush after 10 minutes
...
Assumiing that everything is ok, run the firewall script again with the the ok
parameter parameter (this will remove the cron job and leave your newly generated firewall rules in place):
Shell |
---|
[root@localhost ~]# /usr/local/voipnow/admin/sbin/voipnow_firewall ok Script called with ok option - removing safety net |
Private Network
The private network must be isolatedbe isolated. Only VoipNow nodes must be able to access it - it should not be shared with any other system. Furthermore, generic generic host level network firewalls must be configured to allow connection only on the ports that are opened on each role.
...
The public network must be protected with firewalls. Connections must be allowed only on the ports configured to be accessed by customers' devices.
The sections below offer several recommendations on several recommendations on how to set up firewalls based on the role of the node.
...
Requires public network access, as well as private network access for management and database traffic. Traffic Traffic is encrypted; both private and public networks are required. Supports Supports authentication and authorization methods. Could be protected with an application level firewall.
...
Requires public network access, as well as private network access for management and database traffic. Traffic Traffic can be encrypted with TLS as long as involved parties support this protocol otherwise its not encrypted; both private and public networks are required. Supports Supports authentication and authorization methods. Could be protected with an application level firewall.
...
Requires public network access, as well as private network access for management and database traffic. Traffic Traffic can be encrypted (SRTP) as long as involved parties support the protocol otherwise traffic not encrypted; both private and public networks are required. Supports authentication and authorization methods.
...
Traffic must be kept in the private network. Traffic Traffic is not encrypted; connection is made using authentication.
...
Traffic is on the public network and is encrypted, connection is authenticated.
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.