On Friday 02 Jul 2010, Ira wrote:
> At 11:14 PM 7/1/2010, you wrote:
> >Same activity from these IPs:
> >174.129.137.135
>
> Given that my Asterisk box is used for nothing but Asterisk and I
> know the small number of IPs that need to have access, is there an
> easy way to use iptables to block everything but those 6 IPs and
> provider addresses?
Yes, dead easy! Just configure iptables to accept IAX traffic (TCP and UDP port 4569) only from trusted IP addresses, and drop it from anywhere else. Here I am assuming eth0 is the "outside" connection, and the permitted IP addresses are 10.11.12.13 and 10.11.12.14.

    # accept IAX traffic (port 4569) from 10.11.12.13
    iptables -A FORWARD -s 10.11.12.13/32 -i eth0 -p tcp -m tcp --dport 4569 -j ACCEPT
    iptables -A FORWARD -s 10.11.12.13/32 -i eth0 -p udp -m udp --dport 4569 -j ACCEPT

    # accept IAX traffic (port 4569) from 10.11.12.14
    iptables -A FORWARD -s 10.11.12.14/32 -i eth0 -p tcp -m tcp --dport 4569 -j ACCEPT
    iptables -A FORWARD -s 10.11.12.14/32 -i eth0 -p udp -m udp --dport 4569 -j ACCEPT

    # drop all other IAX traffic
    iptables -A FORWARD -i eth0 -p udp -m udp --dport 4569 -j DROP
    iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 4569 -j DROP

Obviously if the "permitted" connection addresses fall neatly into a block, you can use fewer rules :) If there are a few addresses in the block that shouldn't be permitted, put one or more DROP rules first for those addresses, then an ACCEPT rule for (the rest of) the block, then another DROP rule.

--
AJS
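The rule pattern above (DROP exceptions first, ACCEPT the trusted block, DROP everything else), as an added example that is not from the thread: a POSIX sh function that generates the rule list for any set of trusted addresses and optional excluded addresses, so it can be reviewed before being piped to the shell. The reply puts its rules in the FORWARD chain, which matches traffic routed through the box; this example assumes the Asterisk host is itself the firewall and uses INPUT, the chain for traffic addressed to the host. eth0 and the 10.11.12.x addresses are the reply's placeholders.

```shell
#!/bin/sh
# Added example (not the original poster's code). Emits iptables rules that
# permit IAX (TCP and UDP 4569) only from trusted sources and drop the rest.
# Assumptions: the host itself runs Asterisk, so rules go in INPUT rather
# than FORWARD; eth0 is the outside interface.
IFACE=eth0
CHAIN=INPUT
IAX_PORT=4569

# Print one rule per protocol for a given action, optionally limited to a
# source address or block ($3 may be empty for "any source").
emit_rule() {
    action="$1"; src="$2"
    for proto in tcp udp; do
        if [ -n "$src" ]; then
            printf 'iptables -A %s -s %s -i %s -p %s -m %s --dport %s -j %s\n' \
                "$CHAIN" "$src" "$IFACE" "$proto" "$proto" "$IAX_PORT" "$action"
        else
            printf 'iptables -A %s -i %s -p %s -m %s --dport %s -j %s\n' \
                "$CHAIN" "$IFACE" "$proto" "$proto" "$IAX_PORT" "$action"
        fi
    done
}

# iax_rules "<allowed addresses/blocks>" "<excluded addresses>"
# Both arguments are space-separated lists; the second may be omitted.
# Order matters: exclusions are dropped before the block is accepted.
iax_rules() {
    allow="$1"
    deny="${2:-}"
    for ip in $deny;  do emit_rule DROP   "$ip"; done   # exceptions first
    for ip in $allow; do emit_rule ACCEPT "$ip"; done   # trusted sources
    emit_rule DROP ""                                    # everything else
}

# Number of rules a given configuration produces (2 per entry + 2 final).
iax_rule_count() {
    iax_rules "$@" | wc -l | tr -d ' '
}

# Review the output, then apply:  iax_rules "10.11.12.0/24" "10.11.12.99" | sh
```

Because the ACCEPT rules match only the trusted sources and the final DROP covers both protocols, an address missing from the allow list never reaches Asterisk on 4569 regardless of how many entries the list has.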