Security Reactor¶
Reactor Introduction¶
In order to protect the Asterisk server a Security Reactor is implemented.
As most of the installations (at least for now) use an external Asterisk / FreePBX server the security reactor is not enabled by default.
To enable the reactor add security_reactor_enabled: True
to /etc/salt/minion_local.conf
and restart
the minion.
Make sure that a voip
chain is created in iptables and that the necessary ipsets
are created:
iptables -nL INPUT | grep voip
ipset list
When the reactor is enabled all unsuccessful SIP registrations will cause the incoming IP address to be added to the banned
ipset.
You can check that manually using ipset list banned
or though the Odoo UI in Settins -> Security -> Banned
menu (use the Refresh button to first load the
entries from the Agent).