<div dir="ltr">I'm just thinking out loud, but maybe it'd be a good idea to have 2 default configs somehow. 1 which is the current one, and the second would be a ver-very-hardened one.<div>I usually start-off with <a href="https://github.com/voxserv/freeswitch_conf_minimal">https://github.com/voxserv/freeswitch_conf_minimal</a> or <a href="https://github.com/mx4492/freeswitch-minimal-conf">https://github.com/mx4492/freeswitch-minimal-conf</a> which are very basic, but it would be a great idea to have available a "hardened" one.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Regards,</div><div><br></div>David Villasmil<div>email: <a href="mailto:david.villasmil.work@gmail.com" target="_blank">david.villasmil.work@gmail.com</a></div><div>phone: +34669448337</div></div></div></div>
<br><div class="gmail_quote">On Mon, Dec 12, 2016 at 4:22 PM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Kamil,<div><br></div><div>The security model of FreeSWITCH can be quite complex, To blame FreeSWITCH itself for your misconfiguration is downright FUD, If you have issues or questions on how to properly configure FreeSWITCH for this specific role you can just ask, many of us will help you create a configuration that would be robust and secure. If you would have set 'disable-transfer', to true, and possibly 'disable-register' it would also help lower your attack surface, In addition you shouldn't open your system to the planet, thats irresponsible on your part for doing so.</div><div><br></div><div>FreeSWITCH isn't a firewall, so of course its weak because its NOT a firewall.</div><div><br></div><div>And these are in the configs:</div><div><br></div><div><br></div><div>
<p class="m_3289021899759799997gmail-p1"><span class="m_3289021899759799997gmail-s1"> </span><span class="m_3289021899759799997gmail-s2"><!-- disable register and transfer which may be undesirable in a public switch --></span></p>
<p class="m_3289021899759799997gmail-p1"><span class="m_3289021899759799997gmail-s1"> </span><span class="m_3289021899759799997gmail-s2"><!--<param name="</span><span class="m_3289021899759799997gmail-s3">disable-transfer</span><span class="m_3289021899759799997gmail-s2">" value="true"/>--></span></p>
<p class="m_3289021899759799997gmail-p1"><span class="m_3289021899759799997gmail-s1"> </span><span class="m_3289021899759799997gmail-s2"><!--<param name="disable-register" value="true"/>--></span></p></div><div><br></div><div>Thanks,</div><div>/b</div><div><br><div class="gmail_extra"><span class=""><br><div class="gmail_quote">On Sun, Dec 11, 2016 at 8:17 PM, Kamil Nigmatullin <span dir="ltr"><<a href="mailto:kamil.nigmatullin@gmail.com" target="_blank">kamil.nigmatullin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I love freeswitch, but frankly I would not recomend to set it as SBC. I personally faced two attacks where FS was not good at. And we lost a lot of money. It works perfectly as NAT between internal and extenal networks, actually in everything but it is weak as a firewall. Stanislav knows that, he helped me to resolve the problem first time when it happend. I cannot go into details as this is open forum. You need to put either kamailio or opensips in front of FS.</div><div class="gmail_extra"><div><div class="m_3289021899759799997gmail-h5"><br></div></div></div></blockquote></div><br clear="all"><div><br></div></span>-- <br><div class="m_3289021899759799997gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font size="2" face="monospace, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a> <wbr>(50% Discount using code FreeSwitch50)<br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.<wbr>com</a> </font><span style="font-family:monospace,monospace;font-size:small">(50% Discount using code FreeSwitch50)</span><font size="2" face="monospace, monospace"><br></font><a href="https://www.gofundme.com/freeswitch_ubuntu" style="font-size:12.8px" target="_blank"><font face="monospace, monospace">https://www.gofundme.com/<wbr>freeswitch_ubuntu</font></a></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font size="2" face="monospace, monospace"><b>T:</b><a href="tel:(918)%20420-9001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:(918)%20420-9002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.<wbr>org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>