[Asterisk-Users] Linux Firewall Question

Tzafrir Cohen tzafrir at cohens.org.il
Sat Jul 2 12:41:35 MST 2005


On Fri, Jul 01, 2005 at 12:15:06PM -0400, Michael Stahl wrote:
> You should be able to do a good job with IPTABLES which is included in
> FC3.  You can limit source & dest IP and protocol, etc.
> 
> Type "man iptables | more" for more details...

Which will not get you anywhere. There are a number of relevant HOWTOs
on this subject. One reasonable starting point is iptables (actually:
netfilter)'s homepage:

  http://netfilter.org/documentation/index.html#documentation-howto

Also worth mentioning is the command with the confusing name
'iptables-save', which dumps the current iptables rules and
iptables-restore which restores from those rules. iptables-save is handy
as a simple rules browser.

But you should generate those rules in some automated way, because
you'll need to somehow change them from a remote location when you'll
least expect that. This is why I'd avoid most of the graphical apps such
as firestarter.

Shorewall mentioned earlier is also very handy. One of its design goals
is to save you from mistakes and make it much less probable that you
lock yourself out.

However I chose to avoid it because it creates relatively complex and
"expensive" rules: with Asterisk you'd want to minimize the number of
tests each good VoIP packet is subject to before it is allowed in.
Shorewall's rules will subject the packet to many unnecessary rules.

It may also be confusing for a simple one-interface server setup. That's
why I have decided to write one myself.

-- 
Tzafrir Cohen         | tzafrir at jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's  
tzafrir at cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend
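As an added illustration of the approach the post describes (rules generated by a script rather than a GUI, loaded atomically with iptables-restore, and ordered so a good VoIP packet passes as few tests as possible), here is a script that is not from the post or from any project. The interface name, the SIP peer and admin addresses (documentation ranges) and the RTP port range are assumed placeholders.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a single-interface Asterisk host.
# All values below are constructed for this example; override via environment.
WAN_IF="${WAN_IF:-eth0}"                  # assumed external interface
SIP_PEER="${SIP_PEER:-198.51.100.10}"     # assumed SIP provider (documentation address)
ADMIN_HOST="${ADMIN_HOST:-203.0.113.5}"   # assumed management host
RTP_RANGE="${RTP_RANGE:-10000:20000}"     # assumed Asterisk RTP port range

gen_rules() {
    # Lines starting with '#' are ignored by iptables-restore.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Rule 1 is the hot path: every RTP/SIP packet of an already-seen flow is
# accepted after a single conntrack test instead of walking the whole chain.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# New RTP streams and SIP signalling, only from the trusted provider.
-A INPUT -i $WAN_IF -p udp -s $SIP_PEER --dport $RTP_RANGE -j ACCEPT
-A INPUT -i $WAN_IF -p udp -s $SIP_PEER --dport 5060 -j ACCEPT
# Remote administration only from the management host, so a rule change
# made from there cannot lock you out of the next edit.
-A INPUT -i $WAN_IF -p tcp -s $ADMIN_HOST --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
COMMIT
EOF
}

# Helpers for checking the generated policy without loading it.
input_rule_count() { gen_rules | grep -c '^-A INPUT'; }
first_input_rule() { gen_rules | grep '^-A INPUT' | head -n 1; }
```

Load it atomically with `gen_rules | iptables-restore` (or `iptables-apply` for a rollback timer), then `iptables-save` shows exactly what was loaded.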


