[asterisk-users] iptables example
Jeronimo Romero
jromero at eusnetworks.com
Wed Nov 29 00:54:05 MST 2006
Hey everyone. I recently installed a server at a datacenter offsite and
the thing is getting hammered with invalid ssh logins so I decided to
use some iptables.
I included my ruleset here. I was wondering if I could get some feedback
based on my ruleset from those of you using iptables in production
systems. It seems to be working but some critique would be appreciated.
Thanks
#!/bin/sh
# My system IP/set ip address of server
SERVER_IP="x.x.x.x"
# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming ssh only from secure hosts (one rule per trusted source address)
iptables -A INPUT -p tcp -s x.x.x.x -d $SERVER_IP --sport 513:65535 \
    --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x -d $SERVER_IP --sport 513:65535 \
    --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow http & Asterisk related traffic
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW -j ACCEPT
# SIP on UDP
iptables -A INPUT -p udp -m udp --dport 5004:5082 -j ACCEPT
# IAX2
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# IAX
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
# Explicit catch-all for anything not matched above (same effect as the INPUT DROP policy)
iptables -A INPUT -j DROP
# All outbound traffic allowed (overrides the OUTPUT DROP policy set above)
iptables -A OUTPUT -j ACCEPT
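As an added example from the editor, not the poster's script: a stateful variant of the same ruleset that addresses the two things a production reviewer would raise about the post above. First, the INPUT chain has no ESTABLISHED,RELATED rule, so replies to connections the server opens itself (DNS lookups, NTP, package updates) are dropped by the INPUT policy. Second, the per-host SSH allowlist is the right control, but the failed-login noise can also be throttled in the kernel with the `recent` match, so a guessing client is cut off after a few new connections instead of reaching sshd every time. The script keeps the allowlist for a trusted admin host, adds the conntrack rule, rate-limits new SSH connections per source, and logs drops at a bounded rate. It prints the rules rather than applying them so the ruleset can be reviewed without root. ADMIN_HOST, WAN_IF, the x.x.x.x and y.y.y.y addresses and the availability of the xt_recent kernel module are assumptions.

```shell
#!/bin/sh
# Added example (editor's, not the ruleset from the post): a stateful version
# of the same firewall. Addresses, the interface name and the availability of
# the xt_recent kernel module are assumptions; set the variables for your host.
SERVER_IP="${SERVER_IP:-x.x.x.x}"    # this server's public address (placeholder)
ADMIN_HOST="${ADMIN_HOST:-y.y.y.y}"  # trusted host allowed SSH unconditionally (placeholder)
WAN_IF="${WAN_IF:-eth0}"             # interface facing the internet (assumed)
SSH_HITS=4                            # new SSH connections tolerated per source ...
SSH_WINDOW=60                         # ... within this many seconds

# gen_rules prints the iptables commands instead of executing them, so the
# ruleset can be reviewed without root and applied afterwards with
#   sh firewall.sh | sh
gen_rules() {
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus related traffic such as ICMP errors
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Packets that belong to no known connection (stray ACKs, malformed segments)
iptables -A INPUT -m state --state INVALID -j DROP
# SSH: the admin host is trusted outright
iptables -A INPUT -i $WAN_IF -p tcp -s $ADMIN_HOST -d $SERVER_IP --dport 22 -m state --state NEW -j ACCEPT
# SSH from anywhere else: remember each source that opens a connection, then
# log (rate limited) and drop it once it exceeds $SSH_HITS new connections in $SSH_WINDOW s
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -m recent --name SSH --rcheck --seconds $SSH_WINDOW --hitcount $SSH_HITS -m limit --limit 3/min -j LOG --log-prefix "SSH-THROTTLE: "
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -m recent --name SSH --update --seconds $SSH_WINDOW --hitcount $SSH_HITS -j DROP
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Web and Asterisk signalling/media, the same ports as the original ruleset
iptables -A INPUT -i $WAN_IF -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 5004:5082 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 5036 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 10000:20000 -j ACCEPT
# Anything else is logged at a bounded rate and then falls to the DROP policy
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
EOF
}

# Number of iptables commands the generator emits (comment lines excluded)
rule_count() {
    gen_rules | grep -c '^iptables '
}

gen_rules
```

Run it once to read the generated rules, then apply with `sh firewall.sh | sudo sh` and persist with `iptables-save`. If the allowlist alone is enough, delete the four "SSH from anywhere else" rules and only the admin host can reach port 22; the `--rcheck` rule logs without refreshing the entry, while the `--update` rule both refreshes it and drops, so a client that keeps retrying stays throttled. The OUTPUT chain uses an ACCEPT policy directly, which is what the original's `-P OUTPUT DROP` followed by `-A OUTPUT -j ACCEPT` amounts to.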