Re: [Asterisk-Users] Asterisk iptables rules
The simple solution was that I was missing:

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Which caused replies to outgoing traffic to be stopped in the firewall...
So the problem wasn't really related to asterisk at all...doh

----- Original Message -----
From: "Goran Tornqvist" <[EMAIL PROTECTED]>
To: "Asterisk Users Mailing List - Non-Commercial Discussion"
Sent: Friday, October 28, 2005 9:52 AM
Subject: Re: [Asterisk-Users] Asterisk iptables rules
Re: [Asterisk-Users] Asterisk iptables rules
Hello,

After further checking I found that when activating the firewall no traffic is allowed OUT from the box.
Name resolving, http, nothing except ICMP works, even though I added:

iptables -A OUTPUT -p all -j ACCEPT

So I think it's not related to asterisk at all, rather some iptables config problem...
I'll see if I can fix that problem first...that's maybe the reason why it doesn't work.

Thanks for your help anyway...

Best Regards
Goran

----- Original Message -----
From: "Steve Davies" <[EMAIL PROTECTED]>
To: "Asterisk Users Mailing List - Non-Commercial Discussion"
Sent: Thursday, October 27, 2005 12:10 PM
Subject: Re: [Asterisk-Users] Asterisk iptables rules

___
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Asterisk iptables rules
I would suggest that you are missing something like:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

This will mean that if a UDP packet is sent by * from sport:2345, dport:5060, then the response (sport:5060, dport:2345) will be allowed in, whereas at present that is not the case. I cannot say whether this type of packet will ever be sent, but I always include the rule for completeness.

Alternatively, add a "LOG" rule, just before the DROP rule, and see what is being dropped...

Regards,
Steve

On 10/27/05, Goran Tornqvist <[EMAIL PROTECTED]> wrote:
> One last check...won't ask again, promise :)
> Does someone know a solution to my problem below?
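
The behaviour described in the reply above, as an added example that is not part of the original thread: a toy Python model of a first-match INPUT chain with a minimal connection-tracking table, showing why replies to outgoing traffic hit the final DROP, what a LOG rule placed before the DROP would record, and what the state rule changes. The names Packet, Host and scenario, the rule subset and the addresses are assumptions made for this sketch; only ESTABLISHED is modelled, not RELATED.

```python
from collections import namedtuple

# Toy model, not iptables itself: first-match INPUT chain plus a minimal
# conntrack table. Only ESTABLISHED is modelled; RELATED is left out.
Packet = namedtuple("Packet", "proto src sport dst dport")

def dport(proto, port):
    """Match like `-p PROTO --dport PORT`."""
    return lambda pkt, established: pkt.proto == proto and pkt.dport == port

def any_packet(pkt, established):
    return True

def state_established(pkt, established):
    """Match like `-m state --state ESTABLISHED`."""
    return established

class Host:
    def __init__(self, input_rules):
        self.input_rules = input_rules  # ordered (match, target) pairs
        self.conntrack = set()          # reply tuples expected for outbound flows
        self.log = []                   # packets seen by a LOG rule

    def send(self, pkt):
        # OUTPUT accepts everything; conntrack remembers the reversed tuple.
        self.conntrack.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def receive(self, pkt):
        established = tuple(pkt) in self.conntrack
        for match, target in self.input_rules:
            if not match(pkt, established):
                continue
            if target == "LOG":         # LOG is non-terminating
                self.log.append(pkt)
                continue
            return target
        return "ACCEPT"                 # default chain policy

# Subset of the posted script: open ports, then "deny everything else".
ORIGINAL = [(dport("tcp", 22), "ACCEPT"), (dport("tcp", 5060), "ACCEPT"),
            (dport("udp", 5060), "ACCEPT"), (any_packet, "DROP")]
WITH_LOG = ORIGINAL[:-1] + [(any_packet, "LOG"), (any_packet, "DROP")]
FIXED = [(state_established, "ACCEPT")] + ORIGINAL

# Constructed addresses from the RFC 5737 documentation ranges.
PBX, PHONE, DNS = "192.0.2.10", "203.0.113.20", "198.51.100.53"

def scenario(rules):
    host, verdicts = Host(rules), {}
    # New inbound SIP to the open port.
    verdicts["sip_in"] = host.receive(Packet("udp", PHONE, 5060, PBX, 5060))
    # Outbound DNS query from an ephemeral port, then its reply.
    host.send(Packet("udp", PBX, 40000, DNS, 53))
    verdicts["dns_reply"] = host.receive(Packet("udp", DNS, 53, PBX, 40000))
    # The case from the reply above: sent from sport 2345 to dport 5060.
    host.send(Packet("udp", PBX, 2345, PHONE, 5060))
    verdicts["sip_reply"] = host.receive(Packet("udp", PHONE, 5060, PBX, 2345))
    # Unsolicited packet to a port that is not open.
    verdicts["unsolicited"] = host.receive(Packet("udp", PHONE, 9999, PBX, 7000))
    return verdicts, host.log

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with LOG", WITH_LOG), ("fixed", FIXED)):
        print(name, scenario(rules))
```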
[Asterisk-Users] Asterisk iptables rules
One last check...won't ask again, promise :)
Does someone know a solution to my problem below?

Best Regards
Goran

----- Original Message -----
From: Goran Tornqvist
To: asterisk-users@lists.digium.com
Sent: Wednesday, October 26, 2005 10:33 AM
Subject: Asterisk iptables rules
Re: [Asterisk-Users] Asterisk iptables rules
Hello,

I added these rules to my firewall, and it works fine:

# voip mangle
$IPTABLES -t mangle -A FORWARD -p udp --dport 5060:5069 -j TOS --set-tos Minimize-Delay
$IPTABLES -t mangle -A FORWARD -p tcp --dport 5060:5069 -j TOS --set-tos Minimize-Delay
$IPTABLES -t mangle -A FORWARD -p udp --dport 1:2 -j TOS --set-tos Minimize-Delay

I put the voip rules before any tcp or udp rules.

Hope this helps,
Murrah

----- Original Message -----
From: "Goran Tornqvist" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 1:33 AM
Subject: [Asterisk-Users] Asterisk iptables rules
[Asterisk-Users] Asterisk iptables rules
Hello,

I have trouble getting asterisk to work with my new firewall script (see below).
I used this info as base:
http://www.voip-info.org/wiki-Asterisk+firewall+rules
And then modified it to suit my needs.

I use only SIP and the problem is that the calls get in to asterisk when the firewall is activated.
But my agents/phones can't register or receive any calls. So all calls get stuck in queue on asterisk.
So I believe I'm missing some rule perhaps?

Can anyone help me sort this out?

Thanks...

Best Regards
Goran

/etc/init.d/firewall
==

#IPTables firewall configuration for X

export PATH=$PATH:/sbin

case "$1" in
start)

    echo "Starting iptables firewall..."

    iptables --flush
    iptables --delete-chain

    iptables -A INPUT -p icmp -i eth0 -j ACCEPT

    # START OPEN PORTS
    #=

    #SSH (22)
    iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

    #SAMBA: netbios (139) , microsoft-ds (445)
    iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT

    #ASTERISK

    # SIP (UDP 5060)
    iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
    iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT

    # IAX2/IAX
    iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
    iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT

    # RTP - the media stream
    iptables -A INPUT -p udp -m udp -i eth0 --dport 1:2 -j ACCEPT

    # MGCP - if you use media gateway control protocol in your configuration
    iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT

    #END ASTERISK

    #MySQL (3306)
    iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT

    #SNMP (161) - Allow from cacti server
    iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT

    #Ftp / Passive ports
    iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT

    #Http / Web
    iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

    #Webmin (1)
    iptables -A INPUT -p tcp -i eth0 --dport 1 -j ACCEPT

    # END OPEN PORTS
    #=

    #Deny everything else
    iptables -A INPUT -p all -i eth0 -j DROP

    exit 0;
    ;;

stop)

    echo "Stopping iptables firewall..."
    iptables --flush
    iptables --delete-chain

    exit 0;
    ;;

*)
    echo "Valid switches: firewall start , firewall stop";

esac;