I am setting up a firewall to give some additional protection to a remote asterisk server, but want a little help, as, at this level (server), I want to get it right first time!!
1 - I have chosen the option to allow all webmin related activity through, to get the basics going.
2 - I have added in all relevent IP addresses i.e. for my VoIP providers (for the trunk connection) and for the users/extensions, to allow if Source
3 - The providers have static IP adresses, however some extension are on conections that are dynamic. I have added in the dynamic address e.g. 18.104.22.168. Assuming that the ADSL provider works within an address range, what is the correct way to assign a range? Is it 22.214.171.124/24 or 126.96.36.199/24 for a wider pool?
4 - Once I have sorted the ranges, I want to lock the server down, only allowing aproved IP addresses and services to have access. a - Do I do this by dropping/rejecting Source 0.0.0.0/24 b - if this is right, should this be at the top of the list, so it is the first action c- what are the implications of choosing drop/reject. The wiki http://doxfer.webmin.com/Webmin/LinuxFirewall comments on dropping, but not rejecting!
Thanks in advance for you comments.