[asterisk-biz] 87.230.80.186 - Trying to register (Zeeshan Zakaria)

Calleasy BsAS sisint2005 at hotmail.com
Thu Jun 24 16:01:29 CDT 2010


I think that you need to add some changes to the RULE sentence, or add some others,

iptables -I INPUT -p TCP -s 87.230.90.5 --dport 5060  -j REJECT (yes, it needs the -j)

The former needs the -j in any rule; this tells the iptables modules which target to JUMP to when the condition is matched or satisfied.

In this rule you are telling iptables that all the packets coming from this source IP, having TCP protocol and pointed to the destination port, must jump to ----------> another module or action, in this case REJECT or DROP, or to a custom CHAIN (i.e. BADGUYS) where you specify new rules to "treat" the bad guys.

Having said this, some suggestions follow....

 

 

 

1) Change "-A INPUT" to "-I INPUT" so the rule will be inserted at the top, avoiding travelling through other rules without any sense :-) ; must hurry to block the enemy!!!!

2) Change -p tcp (must be in lower case) to -p all (if your version supports it), or insert two rules, one for "udp" and the other for "tcp", if your PBX accepts registration on TCP connections, or just don't put anything in the protocol parameter: iptables -I INPUT -s 87.230.90.5 -j REJECT must block any packet from this source regardless of protocol or port. Check your conf for sip to know if you accept registration on TCP; former Asterisk versions (1.4 or lower) DON'T.

3) Change REJECT (this creates outgoing traffic replying "rejected") to DROP (just leave the packet on the floor :-) )

4) Add -i ethX if you have more than one Ethernet or network adapter (it means on which device to apply the filter); more effective, less load on SPI for the packet.

5) If you have a router/bridge (brX interface on the Linux box for QoS; br is made of two or more interfaces "bridged" at layer 2) and/or you have enabled forwarding between two interfaces, some rule also must be applied to the FORWARD chain, or the OUTPUT chain on the interface that connects to your PBX, regarding the source IP address -s 87.230.90.5, to avoid outgoing traffic from this source to your PBX, because INPUT ONLY APPLIES TO THOSE PACKETS THAT GO INTO THE BOX, NOT TO pass-through or forwarded ones... be careful with that.

Once you have written the filter you can check if it is working using "iptables -L -vn"; this shows the packets that match the rules.

Example follows:

 

log]# iptables -L -vn

prints something like this:


Chain INPUT (policy ACCEPT 16M packets, 1614M bytes)
 pkts bytes target     prot opt in     out     source               destination
    1   144 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1712:1720
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1712:1720
   20   824 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
  252 13772 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 17M packets, 1958M bytes)
 pkts bytes target     prot opt in     out     source               destination

Note: here I block h323 ports, ssh and MySQL from any source, from any in interface eth1, and as you can see at the bottom there is a listing for the other CHAINS.


I hope that I was helpful for you.

I apologize for the extension :-), but if it could help.

 

Marcos
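
As an added example (not code from the post, nor from Asterisk or iptables), here is a small Python parser for the "iptables -L -vn" listing Marcos describes: it reads the per-rule counters so you can confirm that the per-source DROP rule is actually matching, and it flags DROP rules that have matched nothing yet. The listing below is constructed, with a hypothetical DROP rule for the source the post blocks inserted at the top of INPUT and mirrored in FORWARD, as suggestions 1 to 5 recommend.

```python
import re

# Constructed sample of `iptables -L -vn` output (not real traffic): the post's
# listing plus a hypothetical per-source DROP rule in INPUT and FORWARD.
SAMPLE = """\
Chain INPUT (policy ACCEPT 16M packets, 1614M bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  2220 DROP       all  --  eth1   *       87.230.90.5          0.0.0.0/0
    1   144 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpts:1712:1720
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1712:1720
  252 13772 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  eth1   br0     87.230.90.5          0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy")

def _count(s):
    """Without -x, iptables abbreviates counters (1234K, 16M); expand them."""
    mult = {"K": 1000, "M": 1000000, "G": 1000000000}
    return int(s[:-1]) * mult[s[-1]] if s[-1] in mult else int(s)

def parse_counters(text):
    """Parse `iptables -L -vn` output into one dict per rule line."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        parts = line.split()
        # Skip blank lines and the ' pkts bytes target ...' header row.
        if chain is None or len(parts) < 9 or parts[0] == "pkts":
            continue
        pkts, nbytes, target, prot, _opt, in_if, out_if, src, dst = parts[:9]
        rules.append({"chain": chain, "pkts": _count(pkts), "bytes": _count(nbytes),
                      "target": target, "prot": prot, "in": in_if, "out": out_if,
                      "source": src, "destination": dst, "match": " ".join(parts[9:])})
    return rules

def drops_for_source(rules, ip):
    """Packets dropped per chain by rules that name `ip` as their source."""
    return {r["chain"]: r["pkts"] for r in rules
            if r["source"] == ip and r["target"] == "DROP"}

def silent_drops(rules):
    """DROP rules with zero hits so far: no traffic yet, or the rule never matches."""
    return [(r["chain"], r["prot"], r["source"]) for r in rules
            if r["target"] == "DROP" and r["pkts"] == 0]
```

A zero counter on the INPUT rule for the blocked source after the attacker keeps registering usually means a typo in the rule (wrong -i, wrong protocol) rather than a quiet attacker.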
