Thanks Ward!
I don't have anything overly fancy, but I like to lock down pretty much any ports that don't need to be open publicly, and then allow necessary connections in by putting the IP address(es) in to the csf.allow file, or the dynamic DNS hostnames into the csf.dyndns file, once the necessary settings for dynamic DNS are enabled in the csf.conf file - basically setting the DYNDNS setting to how often you want it to check (I use 600 seconds, for every 10 minutes), and then setting DYNDNS_IGNORE to 1.
The global options might come in handy as well, and you can set CSF to pull a copy of the allow, deny, ignore, or dyndns entries from a remote server automatically.
By using dynamic DNS entries on any networks or devices that need to access the server, you should be able to lock everything down, but still be able to access everything from wherever you are.
My only concern was that CSF pretty much gets rid of any other iptables settings/entries, so I would lose anything that's already configured.
I'm setting up a PBX that will using Google Voice for all calls, with no other trunks (at this point) that need to be connected.
If I'm going to allow the phones to connect using the above methods (IP addresses or dynamic DNS hostnames), is there anything else that I would have to open to allow Google Voice to work?
Or will it initialize the connection from the server, which will take care of everything?
Thanks a lot!