LogoLogo
www.mikopbx.comTelegram communityForum
English
English
  • MikoPBX Manual
    • Quick start
    • Getting to know MikoPBX
    • System requirements
  • Installation
    • Standalone Computer
    • Virtual Machine
      • VMware ESXi
      • VMware Fusion
      • VirtualBOX
      • VMware Workstation Pro
      • Hyper-V
      • Proxmox
    • Cloud
      • AWS
        • AWS deployment guide
        • AWS Marketplace
      • Microsoft Azure
      • Google Cloud
        • Google Cloud deployment guide
        • Google Cloud Marketplace
      • Hetzner cloud (In dev)
      • Digital Ocean
      • Alibaba Cloud
      • Vultr
    • Docker container
      • Docker installation and creating a user and directories
      • Running MikoPBX in a container
      • Running MikoPBX using docker compose
  • User manual
    • Telephony
      • Extensions
      • Call queues
      • IVR Menu
      • Conferences
      • Sound files
      • Call detail records (CDR)
    • Call Routing
      • Telephony providers
      • Incoming routing
      • Outbound routing
      • Night and Holiday Switch
    • Modules
      • Registration in the modules marketplace
      • Module management
      • Application dialplans
    • Maintenance
      • PBX update
        • Updating from the web interface
        • Updating from the MikoPBX console
        • Updating the docker
      • System log entries
      • Reboot
    • Network and Firewall
      • Network interface
      • Firewall
      • Anti brute force
    • System
      • General settings
      • Time Settings
      • Mail settings
        • Setting up E-mail notifications for the Gmail mail service
      • Asterisk Manager Interface(AMI)
      • System files customisation
  • FAQ
    • Setup
      • Installation on MDADM RAID1
      • Fine-tuning the firewall
      • Migrating MikoPBX to Another Server
        • Transfer Using Backup
        • Transfer using scheduled backup (SFTP)
        • Transfer using rsync
      • Reset to factory settings
      • Monitoring Providers on MikoPBX
    • Management
      • Change the login name
      • The extra disk space has run out, the disk size has increased
      • Storing Recordings in a Shared Windows Folder
      • Resetting WEB Interface Credentials
      • Backup Internet and Provider Re-Registration
    • Troubleshooting
      • Connecting to the PBX using SSH
        • Connecting to PBX using SSH client (Putty)
        • Connecting via SSH (Windows)
        • Connecting via SSH (Linux/MacOS)
      • Connecting to a PBX using WinSCP
      • Getting logs using the tcpdump application
      • Capturing Logs from PBX using Wireshark
      • Traffic Analysis Using Sngrep
      • Adjusting the volume
      • Troubleshooting sound problems
      • Jitter Configuration
    • Incoming Routing
      • Choosing a provider when redirecting to a mobile
      • Notification of Employment, Call Waiting
      • Black and white lists
      • Allow additional dialing of the internal number in the queue
      • Output of information about the did number
      • Setting individual non-working hours for a provider account
      • An example of the implementation of a typical route of incoming calls
      • Routing by DID Number
      • Normalization of incoming phone number
      • Basic IVR example
    • Outbound routing
      • Add P-Preferred-Identity and Remote-Party-ID header
      • Conference with a regular external subscriber
      • Outgoing with internal number dialing
      • Remove all special characters from the dialed number
      • Prohibiting calls via a backup route
      • Calls to emergency numbers
      • Number Templates
        • Uniform distribution of outgoing
        • Sample template: calls to another country
        • How to prohibit the replacement of "+" with 00
        • Changing the number prefix from "+345" to "347"
        • Changing the number prefix from "345, 347" to "+345"
        • Removing the area code from the number
        • Adding the prefix "1" to the number
      • Making Calls Through a Specific Provider
    • Scenarios and cases
      • Generate extensions by REST API
      • Missed Call Telegram Notifications
      • Call the company from your mobile and dial an extension to call a third-party company
      • Sending an incoming fax to email
      • Customer's assessment of the quality of service
      • Simulation of external calls
      • Disabling "off-hours" for VIP numbers
      • Registering multiple accounts from one provider
      • Setting up individual non-working hours for several providers on one host
      • Disable forwarding to mobile for internal calls
      • Unique background music for the queue
      • Pause for Queue agent
      • Dynamic Queue Agents
      • Setting up the "Paging" function
      • Limit the number of authorizations per SIP account
      • Call Monitoring (ChanSpy)
      • Conversion of Call History FreePBX -> MikoPBX
      • SSL Certificate for MikoPBX Web Interface from OPNSense
      • Hiding the Caller’s Number from Employees
    • Interconnections
      • Merging two MikoPBX
      • Integration of MikoPBX and Grandstream UCM6202
      • MikoPBX and FreePBX (PJSIP)
      • MikoPBX and FreePBX (IAX)
    • VoIP providers
      • Mango
      • Zadarma
    • Softphones
      • Bria Solo
      • Sessiontalk
      • MicroSIP
      • Groundwire
      • Zoiper
      • Jitsi
      • PhonerLite
      • Linphone (MacOS)
      • Telephone(MacOS)
      • Configuring webRTC client SIMPL5
      • Softphone.pro
      • 3CX Softphone
      • PortSIP
    • IP telefones
      • Snom D120
      • Yealink T19
    • VoIP gateways
      • GoIP4
      • Grandstream HT503
      • Using a Huawei E173 USB Modem for Calls (chan_dongle)
  • Modules
    • MIKO modules
      • for 1C:Enterprise
        • Панель телефонии 4.0 для 1С
        • Панель телефонии 1.0 для 1С
        • Модуль умной маршрутизации
      • Users groups
      • CRM Bitrix24 integration
      • Autoprovision
      • Let's Encrypt
      • Access control management
      • Module auto dialer
      • Backup
      • Synchronization with LDAP/AD
      • Callback module
  • other
    • Changelog
      • MikoPBX 2024.1
      • MikoPBX 2023.2
      • MikoPBX 2023.1.223
Powered by GitBook
On this page
  • General settings
  • Available services
  • Advanced Options

Was this helpful?

Edit on GitHub
Export as PDF
  1. User manual
  2. Network and Firewall

Firewall

Description and configuration of Firewall rules in MikoPBX

Last updated 5 months ago

Was this helpful?

The Firewall in MikoPBX is an interface for configuring the system's firewall. Here, administrators can create and manage network traffic filtering rules, controlling access to MikoPBX and protecting it from unauthorized access and network threats. Configuring the firewall ensures the security of the telephone system, preventing potential attacks and ensuring stable operation in the organization's network infrastructure.

In MikoPBX, all local subnets can be described in the "Network and Firewall" → "Firewall" section. The firewall is designed to restrict access to the station by traffic type and subnets.

To add a new rule, you need to click on the button:

General settings

You can give the rule any custom name. To the right of the subnet address, there is a field for Subnet Mask in CIDR format.

Available services

  • SIP&RTP - registration of phones and voice traffic. Session Initiation Protocol is used for establishing connections between VoIP phones.

  • WEB - access to the administrative interface for configuring the PBX. SSH - root access to the system.

  • SSH (Secure Shell) allows accessing the MikoPBX console.

  • AMI - access to Asterisk Manager API via telnet. Asterisk Manager Interface (AMI) provides access to Asterisk via TCP/IP protocol.

  • AJAM - access to Asterisk Manager API via HTTP or HTTPS.

  • ICMP - communication check using the 'ping' command.

  • CTICLIENT - connection of the telephony panel 2 for 1C.

Advanced Options

  • Each subnet has a flag 'Is it a VPN or a local network'. When this flag is set, MikoPBX will present itself as a local IP to all local subnets instead of external ones.

  • The flag 'Never block addresses from this network' should be enabled only for trusted subnets. If this flag is enabled, intrusion prevention rules will not apply to this subnet

Section "Network and Firewall" -> "Firewall" in MikoPBX
Button for creating a new rule
Rule parameters
"Available service" section
"Advanced options" section