On 7/11/10 7:26 AM, Lonnie Abelbeck wrote:
> On Jul 11, 2010, at 6:13 AM, Michael wrote:
>
>> Concerning the functioning of the rules, I added one simple rule "Log Local
>> out", leaving all default options. Clicking "Save settings", "Confirm" and
>> "restart firewall".
>
> The firewall gui is working fine... if you add the rule:
>
> Log Local Out | TCP (default) | Destination: 0/0 (default) | Port:
>
> No LOG rule is added since no ports were specified.
>
> If you add the rule:
>
> Log Local Out | TCP | Destination: 0/0 | Port: 1 - 65535
>
> Then a LOG rule is generated for all ports to all destinations for TCP going
> Out from the AstLinux box.
>
> (Side note, previous versions of the Arno firewall script defaulted to 'all
> ports' if none were specified, now if no ports are specified, no logging
> occurs.)
>
> To answer some of your previous questions...
>
> To allow all SIP and RTP for an external SIP phone, add something like...
>
> Pass EXT->Local | UDP | Source: 0/0 | Port: 5060
>
> (Restrict more than any host 0/0 Source address if you can)
>
> Pass EXT->Local | UDP | Source: 0/0 | Port: 10000-20000
>
> (The port range here should exactly match your /etc/asterisk/rtp.conf
> rtpstart-rtpend port range. Alternatively you can enable the 'sip-voip'
> plugin, but personally I keep the 'sip-voip' plugin disabled and use the
> above firewall rule.)
>
> Hope this helps.
>
> Lonnie
>
The problem with this is it opens up ALL ports 10000-20000, not just those that are being used by RTP. I really, really recommend using the SIP-VOIP plugin instead.

-Philip

_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
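
Added example, not part of the original thread or of AstLinux: a shell check that the UDP range typed into the firewall rule's Port field matches the rtpstart/rtpend range in rtp.conf, and reports how many ports are open beyond what RTP can use. The function names `rtp_range` and `check_rtp_rule` and the sample rtp.conf contents are assumptions made for illustration.

```shell
#!/bin/sh
# Compare the UDP port range opened in the firewall with the RTP range
# Asterisk is configured to use (rtpstart/rtpend in rtp.conf).

# rtp_range FILE -> prints "START-END"; fails if either key is missing
rtp_range() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and blanks
        $1 == "rtpstart" { s = $2 }
        $1 == "rtpend"   { e = $2 }
        END { if (s == "" || e == "") exit 1; print s "-" e }
    ' "$1"
}

# check_rtp_rule FW_RANGE RTP_CONF -> verdict on stdout, 0 only on exact match
check_rtp_rule() {
    fw_lo=${1%-*}; fw_hi=${1#*-}
    rtp=$(rtp_range "$2") || { echo "UNKNOWN: rtpstart/rtpend not set in $2"; return 2; }
    rtp_lo=${rtp%-*}; rtp_hi=${rtp#*-}
    if [ "$fw_lo" -eq "$rtp_lo" ] && [ "$fw_hi" -eq "$rtp_hi" ]; then
        echo "MATCH: firewall $1 equals rtp.conf $rtp"; return 0
    fi
    # RTP ports outside the rule would be dropped: audio fails
    if [ "$fw_lo" -gt "$rtp_lo" ] || [ "$fw_hi" -lt "$rtp_hi" ]; then
        echo "BLOCKED: rtp.conf $rtp uses ports outside firewall $1"; return 1
    fi
    # Rule is a superset: count the ports exposed for no reason
    extra=$(( (rtp_lo - fw_lo) + (fw_hi - rtp_hi) ))
    echo "TOO WIDE: firewall $1 opens $extra UDP ports that rtp.conf $rtp never uses"
    return 1
}

# Constructed sample rtp.conf (not taken from the thread)
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
rtpstart=10000   ; first RTP port
rtpend = 10200
EOF
check_rtp_rule 10000-20000 "$sample" || true
rm -f "$sample"
```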
