Firewall Rules

We strongly recommend you to enable and configure firewall on the PBX to prevent the attack fraud or calls loss.

Enable Firewall on the PBX

Go to Settings > System > Security > Firewall Rules, check the option Enable Firewall.

If firewall is enabled, the page will show "Firewall is running", and the firewall rules will work to protect your PBX.

Firewall Rules

Firewall rules are pre-configured rules to control and filter traffic that are sent to the PBX. Yeastar S-Series VoIP PBX has default firewall rules to accept access of your local network. You can also create new rules according to your needs.
Default firewall rules

By default, the following types of IP address or domain are included in Yeastar S-Series VoIP PBX firewall rules:

  • Local network
    • 10.0.0.0/255.0.0.0
    • 172.16.0.0/255.240.0.0
    • 192.168.0.0/255.255.0.0
    • 169.254.0.0/255.255.0.0
  • Domain related with Yeastar
    • appcenter.yeastar.com
    • update.yeastar.com
    • mgt.yeastar.com
    • stund.yeastar.com
    • cwmp.yeastar.com
    • lcstunnel.yeastar.com
    • image.yeastar.com
  • IP address of phones that are auto provisioned
Create firewall rules
Besides the default firewall rules, you can create other rules to filter specific source IP address or domain name, ports, MAC address.
Go to Settings > System > Security > Firewall Rules to configure the firewall rules.
  • Name: Set a name to identify the firewall rule.
  • Description: Optional. Description for this firewall rule.
  • Action: Choose the action for the firewall rule.
    • Accept
    • Drop
    • Reject
  • Protocol: Choose the protocol that is applied to the rule.
    • UDP
    • TCP
    • BOTH: Both TCP and UDP.
  • MAC Address: Optional. The MAC address that is applied to the rule.

    The format of MAC address is XX:XX:XX:XX:XX:XX.

  • Type: Choose the network type of the source traffic.
  • Source IP Address/Subnet Mask: The IP address and subnet of the source traffic.
  • Domain Name: The domain name of the source traffic.
  • Port: The port of the source traffic.

Additional Firewall Settings

The PBX provides additional firewall settings to enhance the system security.

  • Disable Ping: The PBX will disable Ping response (ICMP echo).
  • Drop All: The PBX will drop all the packets and connections from other hosts except the accepted/trusted IP address/domain that is defined in the firewall rules.
    Note: We recommend that you create a backup on the PBX before you enable Drop All.