Firewall¶
IvozProvider does not currently include a firewall but...
Danger
We strongly encourage any production installation to implement a firewall to protect the platform from the wild Internet.
The protection method could be:
- Local firewall based on iptables
- External firewall
- Both
Exposed ports/services¶
These are the ports IvozProvider needs to expose to work properly:
Client side SIP signalling:
- Port 5060 (TCP/UDP)
- Port 5061 (TCP)
- Port 10080 (TCP) for Websocket connections (WS).
- Port 10081 (TCP) for Websocket secure connections (WSS).
Provider side SIP signalling:
- Port 5060 (TCP/UDP)
- Port 5061 (TCP)
Note
Port 7060 (TCP/UDP) y 7061 TCP in case both proxies share a unique IP address.
RTP audioflow:
- Port range 13000-19000 UDP
Web portal and provisioning:
- Ports TCP 80, 443, 1443, 2443 and 3443
Hint
We recommend using any geoIP blocking mechanism to drop connections from countries without clients.