Applies to VoipNow 5.X.X!
Starting with VoipNow 5.X.X, a built-in firewall is delivered at installation. It provides a quick and easy way to restrict access to your server using the iptables tool.
Once VoipNow is installed, a firewall script is delivered. The script will automatically detect the roles running on your node and apply only the corresponding access rules. The script also contains a built-in safety feature to ensure you don't lose access to your server.
This is how you run the firewall with SafetyNet.
SafetyNet will clean the firewall in 3 minutes if no action is taken.
To make the changes permanent, you need to run the following command.
This is how you disable the firewall.
How to set up the firewall trusted network
VoipNow's built-in firewall has a Trusted Network feature that will allow full access only to the networks set as trusted. This feature is efficient if you have local private networks that you use for storage, management, and/or monitoring.
To set a network as trusted, please follow the steps below. In our example, we'll allow access to 172.16.100.0/24.
Edit /etc/voipnow/local.conf and uncomment the TRUSTED_NET variable, replacing its value with your local network IP and netmask, so that it looks like this:
Then execute the following script.
How to set up the firewall on VoipNow Distributed Infrastructure
The VoipNow firewall also works on VoipNow Distributed Infrastructure, but the firewall rules must be reapplied on each node every time you add new VoipNow nodes.
After changing the infrastructure in the web interface from single node to distributed, you need to reapply the firewall on IC using the following command:
After successfully running this command, you need to clean SafetyNet and apply the firewall with the following command.
Make sure to review the firewall and block access to MySQL, Elasticsearch, and HubRing from external clients. Access to databases must be permitted only from VoipNow nodes.
Every time you add a new node, you must run the following command on all the other nodes.
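One way to carry out the review step above is to scan the INPUT chain for ACCEPT rules that open a database port to any source. This is an added example, not VoipNow's own script. The function name find_exposed, the sample rules, and the port list are assumptions: 3306 and 9200/9300 are the stock defaults of MySQL and Elasticsearch, and the HubRing port is not stated on this page.

```bash
#!/usr/bin/env bash
# Added example, not VoipNow's firewall script.
# Assumed ports: MySQL 3306, Elasticsearch 9200/9300 (stock defaults).
# Append the HubRing port your deployment uses; it is not stated on this page.
DB_PORTS="${DB_PORTS:-3306 9200 9300}"

# Reads `iptables -S INPUT` output on stdin and prints every ACCEPT rule that
# matches one of DB_PORTS without limiting the source address (-s).
find_exposed() {
  awk -v ports="$DB_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      src = ""; target = ""; hit = 0
      for (i = 3; i <= NF; i++) {
        # A negated source ("! -s net") still admits external clients.
        if ($i == "-s" && $(i-1) != "!") src = $(i+1)
        if ($i == "-j") target = $(i+1)
        if ($i == "--dport" || $i == "--dports") {
          m = split($(i+1), list, ",")
          for (k = 1; k <= m; k++) {
            c = split(list[k], r, ":")          # "lo:hi" is a port range
            lo = r[1] + 0; hi = (c == 2 ? r[2] : r[1]) + 0
            for (port in want) if (port + 0 >= lo && port + 0 <= hi) hit = 1
          }
        }
      }
      if (target == "ACCEPT" && hit && (src == "" || src == "0.0.0.0/0")) print
    }'
}

# Constructed sample rules (not taken from a real VoipNow node).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 172.16.100.0/24 -p tcp -m tcp --dport 9200 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,9200:9300 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -j DROP'

# On a node, run as root: iptables -S INPUT | find_exposed
printf '%s\n' "$SAMPLE_RULES" | find_exposed
```

The check covers only INPUT rules with an explicit destination port. ACCEPT rules without a port match and rules in other chains still need a manual review.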
Custom firewall rules
VoipNow firewall allows you to add custom firewall rules. You can add them to
Once the firewall rules are created, the script will be executed like any shell script. However, this will happen before the DROP rules are added at the end of the INPUT chain.
If you want to open some custom ports, take the following example - we opened port 8000 in
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.