[asterisk-users] (Newbie)How to reduce security risks in opening IAX & Sip Ports

Tzafrir Cohen tzafrir.cohen at xorcom.com
Tue May 20 06:11:38 CDT 2008


On Tue, May 20, 2008 at 06:46:49AM -0400, Raj Jain wrote:
> One way to make the system more secure would be by not opening these ports
> statically in Linux iptables. I have not tested this, but Linux iptables
> have shipped with ip_nat_sip and ip_conntrack_sip modules since kernel
> version 2.6.18. With these modules, Linux iptables will act as a SIP-aware
> NAT that opens the ports dynamically depending on what's exchanged in the
> signaling.

Err... and if you want to allow someone to connect to UDP port 5060 of
your box, what iptables trick should you use?

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
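
The two points raised in this exchange, put side by side as an added example (not part of either poster's message): a constructed `iptables-restore` ruleset in which the SIP conntrack helper admits the negotiated media ports dynamically, while the signalling port itself still needs a static rule. It assumes a current kernel, where the helper module is named nf_conntrack_sip and has to be attached explicitly with the CT target; the 192.0.2.0/24 peer range is a placeholder.

```iptables
# Constructed example for iptables-restore; not taken from the thread.
# Assumption: nf_conntrack_sip is available (modprobe nf_conntrack_sip).

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the SIP helper to signalling traffic so it can read the SDP
# and register expectations for the media ports negotiated there.
-A PREROUTING -p udp --dport 5060 -j CT --helper sip
-A OUTPUT -p udp --dport 5060 -j CT --helper sip
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Media: flows the helper expected arrive in state RELATED, so no
# static RTP port range has to be opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Signalling: the helper cannot open this port by itself. The first
# packet of a new dialog matches no existing connection, so UDP 5060
# needs a static rule. Limiting it to known peers (placeholder range)
# is what reduces the exposure.
-A INPUT -p udp -s 192.0.2.0/24 --dport 5060 -j ACCEPT
COMMIT
```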