cereals

Probably nothing bad happens with those faxes. A malicous actor would still need access to the physical analogue line or to the network to sniff the RTP packets (depending on how the fax is transmitted) on one of the two sides. In theory all providers involved could also sniff the traffic since calls/faxes are never end to end encrypted. But something could happen, and I dislike it very much that they demand their users to take this risk.

I like firewalld. Its also used on many enterprise distros (RHEL, SLES).

But if you just have to open one port for something, just use what's installed on your distro.

Do they want you to fax them your Id?

Whatever this company is doing, stay away from it. This is ridiculous. Fax isn't encrypted at all. Anyone asking you to do this has no idea about security and shouldn't handle your data.

Also please don't use some random fax app from the play store. They all seem sketchy as hell.

You always need to recreate the container when you change something in the compose file. Did you double all $ signs in the hashed string?