IPtables required?

Discussion in '3CX Phone System - General' started by hwcltjn, Aug 16, 2017.

Thread Status:
Not open for further replies.
  1. hwcltjn

    Joined:
    Aug 16, 2017
    Messages:
    26
    Likes Received:
    1
    For v15.5 on debian does 3CX require iptables at all or can disable it completely?

    Are iptables used to block malicious user agents, too many username/password and client registration attempts or is that handled through a different mechanism?
     
  2. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    3CX built-in security should be enough generally.
    However additional firewall could add extra security, especially if you don't have router / firewall in front of the PBX (you should forward only specified ports).
    Please share experience with iptables, if you implement them.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. hwcltjn

    Joined:
    Aug 16, 2017
    Messages:
    26
    Likes Received:
    1
    I'll definitely be using a firewall - I was just wondering if any part of of 3CX relies on iptables as part of it's built-in security measures?
    Just looking for confirmation :)

    If not I'll go ahead and disable iptables completely.
     
  4. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    This should be confirmed by 3CX -- no action regarding iptables is normally required. So, either 3CX are not using them (have implemented own solution) or configure them accordingly during installation -- this hypothesis should be possible to be checked. For example Windows firewall is configured during installation automatically.

    Built-in security of 3CX resembles too much security provided by properly configured iptables.
    If confirmed iptables are not used, adding extra security should be beneficial.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 sip.bg, Aug 17, 2017
    Last edited: Aug 17, 2017
  5. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,443
    Likes Received:
    282
    If you use the 3CX provided Debian ISO then iptables are pre-configured for you. If you have installed Debian using the standard Debian ISO then IPtables are configured to allow all traffic. The security module in 3CX does not rely on the IP tables.
    You can check your IP tables by accessing the machine through SSH and typing iptables -L
     
Thread Status:
Not open for further replies.