Hi, I seem to be facing an intrusion issue, in spite of the firewall (script attached).
What am I missing? Any suggestions / recommendations are welcome, please.
Best regards,
Sans
#!/bin/bash

echo 0 > /proc/sys/net/ipv4/ip_forward

# Clear any existing firewall stuff before we start
/sbin/iptables --flush

# As the default policies, drop all incoming traffic but allow all
# outgoing traffic. This will allow us to make outgoing connections
# from any port, but will only allow incoming connections on the ports
# specified below.
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy FORWARD DROP
/sbin/iptables --policy OUTPUT ACCEPT

# Allow all incoming traffic if it is coming from the local loopback device
/sbin/iptables -A INPUT -i lo -j ACCEPT

# Allow icmp input so that people can ping us
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW -j ACCEPT

# Allow returning packets
/sbin/iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow incoming traffic on port 8000 for web server & 2200 for SSH
/sbin/iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2200 -j ACCEPT

#############################################################################
###################### RESTRICTED SIP ACCESS ################################
#############################################################################
# LAN
/sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.1.0/24 --dport 5060:5062 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 5060:5062 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth0 -s 192.168.1.0/24 --dport 10000:20000 -j ACCEPT

# Allow traffic from VoIP Service Provider
/sbin/iptables -A INPUT -p udp -i eth1 -s 11.11.11.11 --dport 5060:5062 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i eth1 -s 11.11.11.11 --dport 5060:5062 -j ACCEPT
/sbin/iptables -A INPUT -p udp -i eth1 -s 11.11.11.11 --dport 10000:20000 -j ACCEPT

# Check new packets are SYN packets for syn-flood protection
/sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Drop fragmented packets
/sbin/iptables -A INPUT -f -j DROP

# Drop malformed XMAS packets
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Drop null packets
/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

# Log and drop any packets that are not allowed. You will probably want to turn off the logging
#/sbin/iptables -A INPUT -j LOG --log-level 4
/sbin/iptables -A INPUT -j REJECT
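As an added illustration (not part of Sans's post or script), the simulator below walks the INPUT chain of the posted script with iptables' first-match semantics, so you can see what a given packet actually hits. It is a simplified model (the icmp, fragment, XMAS and NULL rules are left out, and interface/source/port/state/SYN are the only matchers), and the sample source addresses are constructed for the test. It shows that 2200 (SSH) and 8000 (web) are accepted from any source on any interface, and that the `! --syn` DROP sits after those ACCEPT rules, so it never sees traffic to them; an intrusion is therefore more likely to have come through one of the permitted services than through a gap in the chain.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Pkt:
    iface: str
    proto: str
    src: str
    dport: int = 0
    state: str = "NEW"
    syn: bool = True   # TCP only: True for a SYN-only packet (a normal new connection)

@dataclass
class Rule:
    target: str
    iface: str = None
    proto: str = None
    src: str = None          # CIDR or single host, e.g. "192.168.1.0/24"
    dports: tuple = None     # inclusive (low, high) destination-port range
    states: tuple = None     # conntrack states this rule matches
    not_syn: bool = False    # models "! --syn"

    def matches(self, p: Pkt) -> bool:
        return ((self.iface is None or p.iface == self.iface)
            and (self.proto is None or p.proto == self.proto)
            and (self.src is None or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src))
            and (self.dports is None or self.dports[0] <= p.dport <= self.dports[1])
            and (self.states is None or p.state in self.states)
            and not (self.not_syn and p.syn))

LAN, SIP_PROVIDER = "192.168.1.0/24", "11.11.11.11"
INPUT = [  # same order as the posted script (icmp/fragment/XMAS/NULL rules omitted)
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", iface="eth1", states=("RELATED", "ESTABLISHED")),
    Rule("ACCEPT", iface="eth0", states=("RELATED", "ESTABLISHED")),
    Rule("ACCEPT", proto="tcp", dports=(8000, 8000)),      # web, any source
    Rule("ACCEPT", proto="tcp", dports=(2200, 2200)),      # SSH, any source
    Rule("ACCEPT", proto="tcp", iface="eth0", src=LAN, dports=(5060, 5062)),
    Rule("ACCEPT", proto="udp", iface="eth0", src=LAN, dports=(5060, 5062)),
    Rule("ACCEPT", proto="udp", iface="eth0", src=LAN, dports=(10000, 20000)),
    Rule("ACCEPT", proto="udp", iface="eth1", src=SIP_PROVIDER, dports=(5060, 5062)),
    Rule("ACCEPT", proto="tcp", iface="eth1", src=SIP_PROVIDER, dports=(5060, 5062)),
    Rule("ACCEPT", proto="udp", iface="eth1", src=SIP_PROVIDER, dports=(10000, 20000)),
    Rule("DROP", proto="tcp", states=("NEW",), not_syn=True),  # "! --syn" guard, too late
    Rule("REJECT"),
]

def verdict(p: Pkt, chain=INPUT, policy="DROP") -> str:
    # First matching rule wins, exactly as the kernel walks the INPUT chain.
    for r in chain:
        if r.matches(p):
            return r.target
    return policy
```

Moving the `! --syn` rule ahead of the port ACCEPTs (as the test's reordered chain does) makes the guard cover 8000 and 2200; restricting `-s` on the SSH rule to known management addresses is the other change the simulator makes obvious.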
-- asterisk-users mailing list