<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<BR>
I assume that we are talking about a PBX with only one network interface, or connected directly to the public IP through one.<BR>
<BR>
To deny all connections you just need to set the POLICY to DROP in iptables by typing this:<BR>
<BR>
iptables -P INPUT DROP<BR>
<BR>
To do this, you must be logged into a local terminal on the box that is running Asterisk,<BR>
<BR>
because this denies any access!!!!<BR>
<BR>
<BR>
AFTER denying all, you need to enable access for the desired IPs.<BR>
<BR>
iptables -I INPUT -s w.x.y.z -j ACCEPT ( w.x.y.z is the good IP )<BR>
You can also use a domain name:<BR>
<BR>
iptables -I INPUT -s my.sip.friend.domain.com -j ACCEPT ( a good domain )<BR>
This rule resolves the IP address with a DNS query when the rule is loaded, so if that IP changes afterwards ( i.e. the remote user has a service that assigns him a dynamic IP and must reconnect his PC while using a DDNS service ), then iptables must be reloaded so it gets the new IP.<BR>
<BR>
<BR>
If you have more than one interface, you must tell iptables on which one it must accept connections:<BR>
<BR>
<BR>
iptables -I INPUT -i ethX -s w.x.y.z -j ACCEPT ( w.x.y.z is the good IP )<BR>
( ethX is the name of the interface that connects the PBX to the Internet )<BR>
<BR>
You must also repeat this for each interface that will accept connections.<BR>
<BR>
<BR>
Simple, isn't it??<BR>
<BR>
When you finish, you NEED to SAVE the rules that work fine, so you can reload them whenever you want.<BR>
<BR>
To save your config just type:<BR>
<BR>
iptables-save > /folder-where-you-want-to-save-the-conf/my-config<BR>
<BR>
To load the saved configuration at any time you need it:<BR>
<BR>
iptables-restore < /folder-where-you-has-save-the-conf/my-config<BR>
<BR>
<BR>
Then, to execute this every time you restart the computer, you must include in rc.local ( placed in the /etc/rc.d folder ) THIS LINE:<BR>
<BR>
iptables-restore < /folder-where-you-has-save/my-config<BR>
<BR>
OR you may also include the original commands for inserting the rules into iptables inside the rc.local file:<BR>
<BR>
iptables -P INPUT DROP ( to deny any access )<BR>
iptables -I INPUT -s w.x.y.z -j ACCEPT<BR>
iptables -I INPUT -s my.sip.friend.domain.com -j ACCEPT<BR>
<BR>
<BR>
Important note:<BR>
<BR>
If you have a box with more than one network interface,<BR>
<BR>
AFTER setting the POLICY to DENY ( DROP ),<BR>
<BR>
you must also include a rule to accept connections from your LAN:<BR>
<BR>
iptables -I INPUT -i ethX -s m.l.n.o -j ACCEPT<BR>
where m.l.n.o is the IP of any station that must access the PBX from inside, or m.l.n.o/24 to accept from the whole network with a 24-bit netmask ( 255.255.255.0 ), to allow connections from the inside network...... be aware of this....<BR>
<BR>
i.e. to accept all hosts from network 192.168.2.0 in your LAN, connected via eth1:<BR>
<BR>
iptables -I INPUT -i eth1 -s 192.168.2.0/24 -j ACCEPT<BR>
<BR>
<BR>
I hope this can help...<BR>
<BR>
Feel free to contact me off the list, so we avoid transforming this into an "iptables list"...<BR>
<BR>
Have good results!!!<BR>
<BR>
<BR>
Marcos<BR>
<A href="mailto:info@calleasy.com.ar">info@calleasy.com.ar</A><BR>
<BR>
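As an added example (not part of Marcos's message above): a POSIX shell script that builds the allow-list firewall described in the message for a PBX with one LAN interface and one Internet-facing interface. It installs the ACCEPT rules first (loopback and already-established connections, then the LAN, then each trusted SIP peer) and sets the DROP policy last, so the SSH session used to apply it survives; the interface names eth0/eth1, the 192.168.2.0/24 LAN, the peer addresses 203.0.113.5 and 198.51.100.7, and the SIP/RTP ports 5060 and 10000-20000 are assumptions. By default it only prints the iptables commands (DRY_RUN=1); set DRY_RUN=0 and run it as root to apply them.<BR>

```shell
#!/bin/sh
# Added example, not from the original post: allow-list INPUT chain for a
# PBX host. Interface names, addresses and port ranges below are assumptions.
#
# DRY_RUN=1 (the default) prints the iptables commands instead of running
# them, so the script can be checked as an unprivileged user first.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# pbx_rules WAN_IFACE LAN_IFACE LAN_CIDR PEER_IP...
pbx_rules() {
    wan=$1; lan=$2; lan_cidr=$3
    shift 3

    # 1. Loopback and established/related traffic first, so the session
    #    used to apply the rules is not cut off when the policy flips.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. Everything from the inside network, but only on the LAN interface
    #    (a packet from the Internet claiming a LAN source is still dropped).
    run iptables -A INPUT -i "$lan" -s "$lan_cidr" -j ACCEPT

    # 3. Each trusted SIP peer on the Internet-facing interface, limited to
    #    SIP signalling (5060/udp) and the RTP range (assumed 10000-20000,
    #    matching what rtp.conf would be set to).
    for peer in "$@"; do
        run iptables -A INPUT -i "$wan" -s "$peer" -p udp --dport 5060 -j ACCEPT
        run iptables -A INPUT -i "$wan" -s "$peer" -p udp --dport 10000:20000 -j ACCEPT
    done

    # 4. Only now set the default policy; every allow rule is already in place.
    run iptables -P INPUT DROP
}

# Number of ACCEPT rules pbx_rules would install for the given arguments
# (always computed in dry-run mode, so it never touches the live firewall).
count_accept() {
    ( DRY_RUN=1; pbx_rules "$@" ) | grep -c -- '-j ACCEPT'
}

# Constructed usage: LAN on eth1, Internet on eth0, two trusted peers
# (RFC 5737 documentation addresses).
pbx_rules eth0 eth1 192.168.2.0/24 203.0.113.5 198.51.100.7
```

Once the printed rules look right, apply them with DRY_RUN=0 as root and persist them with iptables-save, exactly as the message describes; a peer given as a DNS name is still resolved only when the rule is loaded, so the script has to be re-run when that peer's address changes.<BR>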
</body>
</html>