FusionPBX is an amazing WEB frontend for FreeSWITCH. But as any non-proprietary project (I mean OpenSource licenced), installation is not as easy as everyone would wish. So, here I explain one of the many methods available to install it.
This installation by default will install FusionPBX with the following capabilities:
This way, if you want to do later advanced configuration such as load balancing or HA, you don't need to do a big thing in the FreeSWITCH or FusionPBX end.
Everyone knows that CentOS only takes care of some specific core packages. All others, if you want to continue using RPM's, must be used from alternative Repositories. There are many alternatives:
I especially do contributions to the OKay repository. So, if you want to use OKay follow these steps:
I will post later as I publish some updates or packages.
Soon I will stop updating the CentOS 6 repository.
If you have installed FusionPBX from the installation scripts you will notice it has already some fail2ban configurations. If you are using my RPM's, it doe not include any kind of this configuration as my philosophy is to specialize in the package to do one thing, not a do-it-all. Anyway, if you are only using FusionPBX with FreeSWITCH as a personal PBX those rules should be more than enough.
I recommend you do a quick reading of my previous fail2ban post where I describe the gap between Layer 7 exposures versus Layer 3 controls. You will understand my thinking.
If you are being more serious about your PBX or you are running a business you will find at one point those rules are not enough. I will explain myself a little more. As a commercial service, your exposure to the world is bigger; your domain is advertised, telephones do DNS, HTTP and SIP request to your servers and sooner than later you will start getting your first kiddy scripts targeting your servers. As you grow, you will find your customers are far to be technical; they do many dumb things (wrong password because they changed something on the service or inside jobs from tech staff are some examples) which leads to fail2ban rule applications.
There is nothing more harmful than a bad review from an ignorant customer. They do not know why they are being blocked. So, here is where we need to tun fail2ban and add some important information to pre-block offending IP's.