> On 10/09/2021, at 4:37 AM, Marek Greško <mgres...@gmail.com> wrote: > > There are other systems running on the same hardware. It would just > leave open ports here. > > Do not compare SIP ALG on a closed source device to an opensource > software with active development. I had no such problems in the past > when using iptables. The nftables is a pretty new software, so some > bugs could be present and I accept. I just wanted to be sure I am not > doing anything wrong. Now I am pretty sure it is a bug.
I very much doubt it’s a bug, but that’s your choice to pursue that You ask for help but perhaps you are not wanting to listen If you open your asterisk rtp ports in your firewall then you are following pretty much what everyone else does. Otherwise you are letting another device interfere with your Sip transactions and we have already shown that’s a bad idea. Makes no difference whether it’s open source or not. But up to you > > Thanks > > Marek > > > 2021-09-09 18:30 GMT+02:00, Administrator <ad...@tootai.net>: >> >>> Le 09/09/2021 à 18:15, Marek Greško a écrit : >>> There is always some risk. If there is a solution that should work, it >>> is best to use it. We just need the root cause, why it fails >>> sometimes. >> >> Like SIP ALG ? ;) Please explain which risk are existing if there is >> nothing listening on those ports ? >> >>> >>> >>> 2021-09-09 18:01 GMT+02:00, Antony Stone >>> <antony.st...@asterisk.open.source.it>: >>>> On Thursday 09 September 2021 at 17:56:10, Marek Greško wrote: >>>> >>>>> Hello, >>>>> >>>>> I would not like to open whole range of udp ports for rtp. >>>> Why not? What is the risk? >>>> >>>> What would possibly be listening on UDP ports 10000 - 20000 (the Asterisk >>>> default range) which an external scanner / attacker could make use of? >> >> -- >> Daniel >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> >> Check out the new Asterisk community forum at: >> https://community.asterisk.org/ >> >> New to Asterisk? Start here: >> https://wiki.asterisk.org/wiki/display/AST/Getting+Started >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
