Firewall

IvozProvider does not currently include a firewall but...

Danger

We strongly encourage any production installation to implement a firewall to protect the platform from the wild Internet.

The protection method could be:

  • Local firewall based on iptables
  • External firewall
  • Both

Exposed ports/services

These are the ports IvozProvider needs to expose to work properly:

SIP signalling:

  • Port 5060 (TCP/UDP)
  • Port 5061 (TCP)
  • Port 7060 (TCP/UDP) y 7061 TCP (just in case both ProxyUsers and ProxyTrunks share IP)

RTP audioflow:

  • Port range 13000-19000 UDP

Web portal and provisioning:

  • Ports TCP 443, 1443 y 2443

Hint

We recommend using iptables geoIP module to drop connections from countries where we don’t have any clients.