Reply To: RE: Could someone explain the different whitelists and banlist?


    InTeleSync
    Participant
    Posted by: @ictall

    Hi,

    I noticed VitalPBX has 3x whitelists:

    • Admin -> Security -> Firewall -> WhiteList
    • Admin -> Security -> Intrusion Detection -> WhiteList
    • Admin -> Application Access -> WhiteList

    Also you have a ban list at: 

    • Admin -> Security -> Intrusion Detection -> BanList

     

    Could someone explain when to use which whitelist?
    I can add a dynamic DNS to a whitelist, but will it update the IP address automatically?

    Which of the whitelists add the IP/host to iptables?

    If you fail the Intrusion Detection, you will be put on the BANLIST.
    Which of the whitelists will keep you from the banlist?

     

     

    First, my issues above turned out to be getting banned at my own public IP address by Fail2Ban (Intrusion Detection). Yowser! So it’s important after the first build to include your own public IP in the Intrusion Detection Whitelist. Toss in other IPs such as your office just to be safe.

    To extend the accurate answers already given for clarity and reference …

    Admin -> Security -> Firewall -> Whitelist means Come on in! However, after you’re in you will still be subjected to inspection by Intrusion Detection (Fail2Ban). I think if you’re whitelisting at the firewall, then you probably want to also whitelist at Fail2Ban.

    Admin -> Security -> Intrusion Detection -> Whitelist is the second layer that will inspect individual services such as SIP, HTTP, SSH, etc. after the initial request has made it through the firewall.

    Admin -> Application Access -> Whitelist refers to the locations that want access to the VitalPBX API and/or the Asterisk AMI, i.e., whitelist your web servers or virtual private cloud here.

    I would avoid using dynamic DNS since it can be reverse resolved such as localhost by malicious actors. I wouldn’t think that it would update the IP address automatically, such as altering iptables on the fly. It would resolve on the fly.

    The Firewall Whitelist adds entries to iptables. The Intrusion Detection Whitelist adds entries to Fail2Ban’s ignoreip list in jail.local.

    Yes, if you fail Intrusion Detection you will be put in the Banlist for Intrusion Detection. The Intrusion Detection Whitelist will keep you from the Intrusion Detection Banlist. The Firewall Whitelist will NOT necessarily keep you from the Intrusion Detection Banlist.

     

    0
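An added example, not part of the post above and not VitalPBX code: a check for the gap the reply describes, where an address is in the Firewall Whitelist but missing from Fail2Ban's `ignoreip`, so it can still be banned. The sample `jail.local` text, the jail names and the addresses are constructed, and the firewall whitelist is assumed to be copied by hand from the GUI.

```python
import configparser
import ipaddress

# Constructed sample in jail.local syntax (not a real VitalPBX file).
SAMPLE_JAIL_LOCAL = """\
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 198.51.100.0/24

[asterisk]
enabled = true

[sshd]
enabled = true
ignoreip = 127.0.0.1/8, office.example.net
"""

def parse_ignoreip(value):
    """Split an ignoreip value into (networks, dns_names)."""
    nets, names = [], []
    for tok in value.replace(",", " ").split():
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            names.append(tok)  # not an IP or CIDR, so a DNS host entry
    return nets, names

def audit(jail_local_text, firewall_whitelist):
    """For each enabled jail, list firewall-whitelisted IPs that ignoreip
    does not cover, plus DNS entries whose effect depends on resolution."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(...)s raw
    cp.read_string(jail_local_text)
    report = {}
    for jail in cp.sections():  # [DEFAULT] values are inherited per jail
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        nets, names = parse_ignoreip(cp.get(jail, "ignoreip", fallback=""))
        exposed = [ip for ip in firewall_whitelist
                   if not any(ipaddress.ip_address(ip) in n for n in nets)]
        report[jail] = {"can_still_be_banned": exposed, "dns_entries": names}
    return report

if __name__ == "__main__":
    # Constructed firewall whitelist: an office range host and an admin's home IP.
    for jail, result in audit(SAMPLE_JAIL_LOCAL,
                              ["198.51.100.7", "203.0.113.9"]).items():
        print(jail, result)
```

DNS names are reported rather than resolved, so the check runs offline; whether a name protects an address depends on what it resolves to when Fail2Ban evaluates it.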