Add a Static Defense Rule

Static defense rules are used to control and filter traffic sent to Yeastar P-Series PBX System. This topic describes how to add a static defense rule.

Procedure

  1. Log in to PBX web portal, go to Security > Security Rules > Static Defense, click Add.
  2. In the Basic section, configure basic settings for the rule.4
    • Name: Enter a name to help you identify the rule.
    • Description: Optional. Add a note to the rule.
    • Action: Select an action for the rule.
      • Accept: Accept connections from a specific address.
      • Drop: Restrict a specific address from accessing a specific service or port of the PBX, and do NOT send any error notifications back to the sender.
      • Reject: Restrict a specific address from accessing a specific service or port of the PBX, and send error notifications back to the sender.
  3. In the Defense Object section, configure relevant settings of defense objects.
    • Object Type: Choose the type of the source traffic.
      • IP Address: If you choose the option, enter an IP address or an IP section in the Source IP Address / Subnet Mask field.
      • Domain: If you choose the option, enter a domain in the Domain Name field.
      • MAC Address: If you choose the option, enter a MAC address in the MAC Address field.
    • Service/Port Range: Set whether the rule is applied to a specific service or a port range.
      Note: The setting is available ONLY when you set Action to Drop or Reject.
      • Service: Select a service from the drop-down list. The defense rule will be applied to the service and the service port.
        Note: The port follows the setting in Service Ports (System > Network).
      • Port Range: Set a port range.
    • Protocol: Choose a protocol to which the rule is applied.
      • UDP
      • TCP
      • BOTH: Both UDP and TCP.
  4. Click Save.

Result

  • For address that is allowed to access the PBX, the system will always accept connections from the address.
  • For address that is restricted from accessing a specific service or port of the PBX, the system will block it when the address tries to access the service or the port.