Hi Tom, this system only hosts asterisk, nothing else. It seems I don't need any helper, just normal conntrack for outgoing connections (like HTTP for Debian APT).
Listing all helper in DONT_LOAD would work but I don't think I need any. Can I just disable all helpers? Kevin Am Mi., 6. Feb. 2019 um 19:44 Uhr schrieb Tom Eastep <teas...@shorewall.net>: > > On 2/6/19 10:13 AM, Tom Eastep wrote: > > On 2/6/19 9:50 AM, Kevin Olbrich wrote: > >> Hi! > >> > >> I read this article: > >> http://shorewall.org/Helpers.html > >> > >> Currently I have some problems with an Asterisk installation and > >> broken SIP packets (because they are generated by bots). > >> While I try to debug this, I noticed that the SIP helper is active. As > >> far as I understand, I don't need it because I have correct rules in > >> place (also, I don't want the firewall to open ports based on the SDP > >> for RTP as this is hardcoded in my setup). > >> > >> Should I set "AUTOHELPERS=Yes" to No in shorewall.conf? > >> > > > > That isn't necessary. AUTOHELPERS=Yes simply associates those helpers > > that are enabled with their respective protocol and port. > > > > As explained in the helpers article, to disable SIP you list the SIP > > helper in DONT_LOAD, then list the helpers that you do want to load in > > HELPERS. > > > > For example, in my own configuration I have: > > DONT_LOAD="nf_nat_sip,nf_conntrack_sip,nf_conntrack_h323,nf_nat_h323" > > HELPERS="ftp,irc" > > That loads only the ftp and irc helpers. > > -Tom > -- > Tom Eastep \ Q: What do you get when you cross a mobster with > Shoreline, \ an international standard? > Washington, USA \ A: Someone who makes you an offer you can't > http://shorewall.org \ understand > \_______________________________________________ > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
