On Jul 11, 2010, at 6:13 AM, Michael wrote:

> Concerning the functioning of the rules, I added one simple rule "Log Local 
> out", leaving all default options. Clicking "Save settings", "Confirm" and 
> "restart firewall".

The firewall GUI is working fine... if you add the rule:

Log Local Out | TCP (default) | Destination: 0/0 (default) | Port:

No LOG rule is added since no ports were specified.

If you add the rule:

Log Local Out | TCP | Destination: 0/0 | Port: 1 - 65535

Then a LOG rule is generated for all ports to all destinations for TCP going 
Out from the AstLinux box.

(Side note, previous versions of the Arno firewall script defaulted to 'all 
ports' if none were specified, now if no ports are specified, no logging 
occurs.)


To answer some of your previous questions...

To allow all SIP and RTP for an external SIP phone, add something like...

Pass EXT->Local | UDP | Source: 0/0 | Port: 5060

(Restrict more than any host 0/0 Source address if you can)

Pass EXT->Local | UDP | Source: 0/0 | Port: 10000-20000

(The port range here should exactly match your /etc/asterisk/rtp.conf 
rtpstart-rtpend port range.  Alternatively you can enable the 'sip-voip' 
plugin, but personally I keep the 'sip-voip' plugin disabled and use the above 
firewall rule.)

Hope this helps.

Lonnie
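
The advice above about matching the RTP rule to rtp.conf, as an added example that is not part of the original email or of AstLinux itself: a POSIX shell check that compares the port range typed into the firewall rule with rtpstart-rtpend. The function names are hypothetical, the rule's range is passed in by hand as "start-end", and the sample rtp.conf is constructed.

```shell
#!/bin/sh
# Added example: compare a firewall UDP port range with the
# rtpstart-rtpend range found in an Asterisk rtp.conf.

# rtp_value FILE KEY: print the numeric value of KEY (rtpstart or rtpend).
# Lines commented out with ';' are skipped; the last assignment wins.
rtp_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# check_rtp_range FILE RANGE: RANGE is "start-end" as entered in the rule.
# Returns 0 on an exact match, 1 on a mismatch, 2 on unusable input.
check_rtp_range() {
  conf=$1 range=$2
  case $range in
    *[!0-9-]*|-*|*-|*-*-*) echo "bad range: $range"; return 2 ;;
    *-*) fw_start=${range%-*}; fw_end=${range#*-} ;;
    *) echo "bad range: $range"; return 2 ;;
  esac
  rtp_start=$(rtp_value "$conf" rtpstart)
  rtp_end=$(rtp_value "$conf" rtpend)
  if [ -z "$rtp_start" ] || [ -z "$rtp_end" ]; then
    echo "rtpstart/rtpend not found in $conf"; return 2
  fi
  if [ "$fw_start" -eq "$rtp_start" ] && [ "$fw_end" -eq "$rtp_end" ]; then
    echo "match: $range"; return 0
  fi
  if [ "$fw_start" -gt "$rtp_start" ] || [ "$fw_end" -lt "$rtp_end" ]; then
    # Rule is too narrow somewhere: some RTP ports stay blocked.
    echo "mismatch: rule $range does not cover RTP $rtp_start-$rtp_end (media may be dropped)"
  else
    # Rule is a strict superset: ports Asterisk never uses are opened.
    echo "mismatch: rule $range is wider than RTP $rtp_start-$rtp_end (extra UDP ports exposed)"
  fi
  return 1
}

# Constructed sample rtp.conf so the example runs offline.
sample=$(mktemp)
printf '%s\n' '[general]' 'rtpstart=10000' 'rtpend=20000' > "$sample"
check_rtp_range "$sample" 10000-20000
check_rtp_range "$sample" 10000-30000 || true
rm -f "$sample"
```

On a real system the first argument would be /etc/asterisk/rtp.conf, the path named in the email.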


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
