ACL- What does it really do?

[Andrew Byrd]

I have all my IP addresses from my service providers listed in the ACL as the documentation says to do.

My incoming IP's keep getting blocked by fail2ban.

I will add those to the allowed list

BUT

What is the purpose of ACL if I have to whitelist the IP addresses of the service providers anyway

 

[DigitalDaz]

Look at the fail2ban log and find out why your carrier ips are getting blocked

 

[DigitalDaz]

If you have any numbers routing from your carrier to your PBX that are no longer defined on your PBX, that will get you banned.

 

[Andrew Byrd]

That was it Daz. I had some numbers that were not in destinations. But what is the purpose of ACL? I went ahead and white listed all my carrier IPS in Fail2ban (ignoreip) to be safe for the future.

 

[DigitalDaz]

The ACL is to put them into the public context on the fusionpbx side of things. I would rather use iptables to handle this myself, personally.

 

[smn]

Unlike SIP endpoints, SIP trunks do not register with the PBX. So you need some other way to identify them as legitimate traffic if you do not want to allow all anonymous traffic hitting the external profile port. That is basically what ACL is for.

I personally dislike the way it's presented in the GUI. It's not really intuitive. So you just have to know how to configure it. Very easy to get it wrong if you try intuitively do it based on the labeling as opposed to following exact instructions. I still have to keep referring back to written instructions if I haven't done it in awhile.