Hello, if you don't know iptables that much, and would like to see a more
user-friendly configuration method, I suggest you use Shorewall, which is
very flexible, has some clear logs, and generates the same iptables rules behind.
2009/2/8 David fire ddf...@gmail.com
deny permit are in sip.conf and
On Fri, 6 Feb 2009, oumar ndiaye wrote:
Is there a way to restrict connection to my asterisk server to users based
on their IP addresses, and not just password. I have some hackers who
connect to my server to make illegitimate solicitation calls to people. I
had to shutdown the server for now
what about something along the lines of...
# ACCEPT rules are appended before the DROP: iptables matches rules in order
iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j DROP
Cheers
On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote:
what about something along the lines of...
iptables -A INPUT -p udp --dport 5060 -j DROP
iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT
iptables -A
well, you got the general idea :)
2009/2/9 Tzafrir Cohen tzafrir.co...@xorcom.com
On Mon, Feb 09, 2009 at 11:09:34AM +, Geraint Lee wrote:
what about something along the lines of...
iptables -A INPUT -p udp --dport 5060 -j DROP
iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060
On Monday 09 February 2009 04:17:47 Gordon Henderson wrote:
On Fri, 6 Feb 2009, oumar ndiaye wrote:
Is there a way to restrict connection to my asterisk server to users
based on their IP addresses, and not just password. I have some hackers
who connect to my server to make illegitimate
On Mon, 9 Feb 2009, Geraint Lee wrote:
what about something along the lines of...
iptables .
Well, whatever, but this isn't an answer to my question and I'm still
curious as to how the hackers are breaking usernames and passwords, as I
have servers which I can't firewall and if there
What distribution are you using? Below is a tutorial from the ubuntu
site but it should give you the basics of setting up iptables rules. I
have created custom rules for all my servers and the amount of junk
traffic has been dramatically reduced.
Good Luck!!
deny permit are in sip.conf and iax.conf
David
2009/2/7 oumar ndiaye ondi...@antg.com
David,
Thanks in advance. Where do I change the user/peers definition? Is it in
the firewall of the OS? In that case that won't work because the server hosts
other services such as ssh, http that are open to
You have many options, but you should use them together.
firewall
in the user/peers definitions add host=ip
and/or
deny=0.0.0.0/0.0.0.0
permit=ip/mask
Change the IP of your server.
Use something like OSSEC to avoid brute force.
David
2009/2/6 oumar ndiaye ond4...@gmail.com
Is there a way to
David,
Thanks in advance. Where do I change the user/peers definition? Is it in the
firewall of the OS? In that case that won't work because the server hosts
other services such as ssh, http that are open to any IP as long as the user
has the correct credentials. Doesn't Asterisk itself have built in
Use iptables and start with deny all. Follow this by allowing only
the protocols/ports you want and only the source/destination IPs you
wish to allow. These can be combined to say allow ssh from anywhere
but only allow sip (and its range of ports) to/from a very limited
set of IPs belonging
You should be able to do some sort of iptable magic to restrict incoming
activity to specific IP addresses. It depends on your flavor of Linux.
Google linux hardening.
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of oumar
uhm, strange but does this work on your setup? even with permit and
deny, if a user is not matched in the conf, it is allowed access to the
default context stated in the conf.
On Wed, 2004-04-28 at 16:12, James H. Thompson wrote:
I think the problem is that using permit= alone does nothing.