If you know your users are all from with your country, or state, or even city, you could restrict geographic access in your secast.conf file like this:
ruledefault=deny ruleexceptions=NA:CA:Ontario:|NA:US:Michigan:Detroit|::Ohio:|NA The above would: - By default deny all source IP's anywhere in the world - Let in only source IP's from: 1. North America (continent), Canada (country), Ontario (region) 2. North America (continent), USA (country), Michigan (region), Detroit (city) 3. Any region called 'Ohio' anywhere in the world (not sure why you would do that but fun example) 4. Anywhere in North America So you can open up your system based solely on where you know your real users are located. -=Michelle=- ________________________________ From: asterisk-users-boun...@lists.digium.com <asterisk-users-boun...@lists.digium.com> on behalf of motty cruz <motty.c...@gmail.com> Sent: Friday, April 4, 2014 11:15 AM To: Asterisk Users List Subject: Re: [asterisk-users] Asterisk 1.6 Hello Ishfaq, outside users usually travel around the country and connect from different network, so it won't be possible to lock it down to specific IP. Thanks for your support. On Fri, Apr 4, 2014 at 8:03 AM, Ishfaq Malik <i...@pack-net.co.uk<mailto:i...@pack-net.co.uk>> wrote: On 4 April 2014 15:22, motty cruz <motty.c...@gmail.com<mailto:motty.c...@gmail.com>> wrote: thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly. again Thanks for your support. Do the 7 users outside of your home network always connect from the same IP addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration. Another option would be to change which port you're running SIP on. -- Ishfaq Malik Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994<tel:%2B44%20%280%29845%20004%204994> f: +44 (0)161 660 9825<tel:%2B44%20%280%29161%20660%209825> e: i...@pack-net.co.uk<mailto:i...@pack-net.co.uk> w: http://www.pack-net.co.uk<http://www.pack-net.co.uk/> Registered Address: PACKNET LIMITED, Duplex 2, Ducie House 37 Ducie Street Manchester, M1 2JW COMPANY REG NO. 04920552 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com<http://www.api-digital.com/> -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
