How to secure Vicidial on a Public IP
Vicidial provides several options for securing your server:
• White List (ViciWhite) – Blocks all access except for IPs specifically defined in a ViciDial IP List
• Black List (ViciBlack) – Blocks any IP specifically defined in a ViciDial IP List (Defaults to SIP/IAX/RTC)
• Dynamic List (ViciBox Dynamic Portal) – Allows agents to manually authenticate with a portal to gain access to ViciDial
• VoIPBL – Community-generated list of known SIP attackers, works the same as a Black List
• GeoBlock – Blocks IPs based on their assigned geographical location, similar to the Black List
ViciWhite is the best method to secure your Vicidial server.
1- Enable IP Lists under Admin > System Settings
Change "Allow IP Lists" from 0 to 1.
Click on Submit.
2- Now click on IP Lists under Admin > IP Lists
3- Click on ViciWhite
Now add your IP, or allow your IP subnet.
4- Now configure your ViciBox firewall settings. Change your interface zone from Default to Public and remove all services except ssh, to be on the safe side in case you lock yourself out.
Run the command:
# yast firewall
I have also added viciportal and vcportalssh for Agent Validation, to dynamically add the agent IP to the firewall after validation.
Save the firewall configuration.
5- Now edit the crontab. First comment out these two lines:
#0 */6 * * * /usr/local/bin/VB-firewall.pl --voipbl --noblack --flush --quiet
#@reboot /usr/local/bin/ipset-geoblock >/dev/null
Then insert these two entries at the end of the file:
* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
@reboot /usr/local/bin/VB-firewall.pl --white --quiet
Now save and exit.
You can now check that your admin and agent pages are blocked for any IP that is not on the ViciWhite list.
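To confirm that step 5 was applied as described, the crontab can be audited with a small script. This is an added example, not part of the original page or of ViciBox; the function name check_vb_cron is hypothetical and the sample crontab is constructed from the lines shown in step 5.

```shell
#!/bin/sh
# Added example, not ViciBox code: audit a crontab dump against step 5.
# check_vb_cron is a hypothetical helper name; the sample below is constructed.

check_vb_cron() {
    file="$1"; rc=0
    # Active entries only: drop blank lines and lines commented out with '#'.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$file" || true)

    # The VoIPBL and GeoBlock jobs must be commented out.
    if printf '%s\n' "$active" | grep -Eq 'VB-firewall\.pl.*--voipbl'; then
        echo "FAIL: VoIPBL job is still active"; rc=1
    fi
    if printf '%s\n' "$active" | grep -q 'ipset-geoblock'; then
        echo "FAIL: ipset-geoblock job is still active"; rc=1
    fi

    # The two --white jobs must be present and active.
    if ! printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*(\*[[:space:]]+){5}.*VB-firewall\.pl.*--white'; then
        echo "FAIL: every-minute --white job is missing"; rc=1
    fi
    if ! printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*@reboot[[:space:]].*VB-firewall\.pl.*--white'; then
        echo "FAIL: @reboot --white job is missing"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: crontab matches the whitelist-only setup"
    return "$rc"
}

# Constructed sample: the crontab as it should look after step 5.
sample=$(mktemp)
cat >"$sample" <<'EOF'
#0 */6 * * * /usr/local/bin/VB-firewall.pl --voipbl --noblack --flush --quiet
#@reboot /usr/local/bin/ipset-geoblock >/dev/null
* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
@reboot /usr/local/bin/VB-firewall.pl --white --quiet
EOF
check_vb_cron "$sample"
rm -f "$sample"
```

On a real server, dump the crontab to a file first (crontab -l > /tmp/cron.txt) and pass that file to check_vb_cron.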