[Asterisk-Users] Asterisk iptables rules

Goran Tornqvist goran at goran.aleborg.se
Wed Oct 26 01:33:23 MST 2005


Hello,
I have trouble getting asterisk to work with my new firewall script (see below).
I used this info as base: http://www.voip-info.org/wiki-Asterisk+firewall+rules
And then modified it to suit my needs.

I use only SIP and the problem is that the calls get into asterisk when the firewall is activated.
But my agents/phones can't register or receive any calls. So all calls get stuck in queue on asterisk.
So I believe I'm missing some rule, perhaps?

Can anyone help me sort this out?

Thanks...

Best Regards
Goran

/etc/init.d/firewall
======================================

#!/bin/sh
# IPTables firewall configuration for X

export PATH=$PATH:/sbin

case "$1" in
  start)

    echo "Starting iptables firewall..."

    # Start from an empty filter table
    iptables --flush
    iptables --delete-chain

    # Accept replies to connections this host opened itself (DNS lookups,
    # outbound SIP/RTP to peers, MySQL, ...). Without this rule the final
    # DROP below discards those replies, because they arrive on ports that
    # no rule opens explicitly.
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    iptables -A INPUT -p icmp -i eth0 -j ACCEPT

    # START OPEN PORTS
    #=================

    #SSH (22)
    iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

    #SAMBA: netbios (139) , microsoft-ds (445)
    iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT

    #ASTERISK

      # SIP (UDP 5060) - signalling; phones REGISTER and INVITE here
      iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
      iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT

      # IAX2/IAX
      iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
      iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT

      # RTP - the media stream. The range must cover rtpstart/rtpend
      # in /etc/asterisk/rtp.conf, or calls set up but carry no audio.
      iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT

      # MGCP - if you use media gateway control protocol in your configuration
      iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT

    #END ASTERISK

    #MySQL (3306) - consider restricting with --source as done for SNMP
    iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT

    #SNMP (161) - Allow from cacti server
    iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT

    #Ftp / Passive ports
    iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT

    #Http / Web
    iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

    #Webmin (10000) - consider restricting with --source as done for SNMP
    iptables -A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT

    # END OPEN PORTS
    #=================

    #Deny everything else arriving on eth0
    iptables -A INPUT -p all -i eth0 -j DROP

    exit 0
    ;;

  stop)

    echo "Stopping iptables firewall..."
    iptables --flush
    iptables --delete-chain

    exit 0
    ;;

  *)
    echo "Valid switches: firewall start , firewall stop"
    exit 1
    ;;

esac
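Added example, not part of Goran's post: a small audit script that reads an iptables-save style dump and checks the two things a ruleset like the one above most often gets wrong for SIP phones, namely an ESTABLISHED,RELATED accept placed before the catch-all DROP, and a UDP accept that covers the whole rtpstart..rtpend range of rtp.conf. The rule dumps and rtp.conf contents are constructed sample inputs; the function names are mine.

```shell
#!/bin/sh
# Audit an iptables-save dump against Asterisk's rtp.conf (added example;
# file names and sample contents below are constructed for the demo).

# 0 if INPUT accepts ESTABLISHED/RELATED traffic before its final DROP, else 1.
has_state_rule() {
    awk '
        /^-A INPUT / && /-j DROP/ && !/--dport/               { drop = 1 }
        /^-A INPUT / && /-j ACCEPT/ && /ESTABLISHED/ && !drop { ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Print "rtpstart rtpend" parsed from an rtp.conf ($1).
rtp_range() {
    awk -F= '/^[[:space:]]*rtpstart/ { s = $2 + 0 }
             /^[[:space:]]*rtpend/   { e = $2 + 0 }
             END { print s, e }' "$1"
}

# 0 if some "-p udp ... --dport A:B -j ACCEPT" rule in dump $1 covers the
# range from rtp.conf $2, else 1 (media would be dropped or one-way).
rtp_covered() {
    set -- "$1" $(rtp_range "$2")          # $1=dump $2=rtpstart $3=rtpend
    awk -v s="$2" -v e="$3" '
        /^-A INPUT / && /-p udp/ && /-j ACCEPT/ && match($0, /--dport [0-9]+:[0-9]+/) {
            split(substr($0, RSTART + 8, RLENGTH - 8), r, ":")   # "A:B"
            if (r[1] + 0 <= s + 0 && r[2] + 0 >= e + 0) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# --- constructed sample inputs: a dump without and with the state rule ---
FW_BAD=$(mktemp); FW_GOOD=$(mktemp); RTP=$(mktemp); RTP_WIDE=$(mktemp)
cat > "$FW_BAD" <<'EOF'
-A INPUT -i eth0 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -i eth0 -j DROP
EOF
{ echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'; cat "$FW_BAD"; } > "$FW_GOOD"
printf '[general]\nrtpstart=10000\nrtpend=20000\n' > "$RTP"
printf '[general]\nrtpstart=10000\nrtpend=30000\n' > "$RTP_WIDE"   # firewall too narrow

for f in "$FW_BAD" "$FW_GOOD"; do
    if has_state_rule "$f"; then echo "$f: state rule ok"; else echo "$f: no ESTABLISHED,RELATED accept before DROP"; fi
    if rtp_covered "$f" "$RTP"; then echo "$f: RTP range covered"; else echo "$f: RTP range not covered"; fi
done
```

Run it against a real `iptables-save` output and the live rtp.conf instead of the sample files to audit a deployed box.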