[Version 1.2.06]
1) A new feature allows the Arno firewall to be edited with a GUI.
This feature requires AstLinux version 0.6 and later, or builds since June 2008.
One or more internal interfaces must be defined for the firewall to be
active.
The Network tab has a new section...
Firewall
Many thanks to all who have contributed to this thread.
Some interesting comments to think about.
Mart
Philip Prindeville wrote:
> Gah. Meant to say "behind a router"...
>
>
> Philip Prindeville wrote:
>> Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
>> phones.
>>
>>
Gah. Meant to say "behind a router"...
Philip Prindeville wrote:
> Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
> phones.
>
> Or, if your phones are being a router, the router can do the encryption
> for you.
>
> Encryption is a bounded delay, and it's very constant,
Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
phones.
Or, if your phones are being a router, the router can do the encryption
for you.
Encryption is a bounded delay, and it's very constant, so jitter (which
is as important as delay, and the delay is negligible in this
Jean-Paul wrote:
> In addition to adding the non-root user, I would suggest installing a daemon
> like
>
> * fail2ban (http://www.fail2ban.org)
>
> It checks the log for failed (ssh) login attempts and blocks the originator's
> IP address for a while. This blocks script kiddies after a few fa
In addition to adding the non-root user, I would suggest installing a daemon
like
* fail2ban (http://www.fail2ban.org)
It checks the log for failed (ssh) login attempts and blocks the originator's IP
address for a while. This blocks script kiddies after a few failed login
attempts.
Fail2ban
I would add:
- enable ssh, but disable root login over ssh (create another user, log in
with that, and then su when necessary).
- run ssh on an alternate port.
- https access only
- eat icmp's
- reduce RTP range to something reasonable
Ron Byer Jr.
NetWeave Integrated Solutions, Inc.
+1.732.78
Sorry for the slightly off topic question, but so far this list has
been very helpful to me.
Background: In the v1.2 Asterisk I was running on my MacMini I found
that ENUM was unreliable because every call to ENUMLOOKUP() did a new
DNS query and the DNS server did not reliably return all th
Martin,
you are unlikely to find OpenVPN support on the phone. The router on
the remote site should be responsible for maintaining the VPN connection. I
have such a setup with an ADSL line (3M/512k), eight phones and 3 PCs on
the remote site, all working over OpenVPN. So far it works flawlessly,
users are