[asterisk-users] (Newbie)How to reduce security risks in opening IAX & Sip Ports
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Tue May 20 06:11:38 CDT 2008
On Tue, May 20, 2008 at 06:46:49AM -0400, Raj Jain wrote:
> One way to make the system more secure would be by not opening these ports
> statically in Linux iptables. I have not tested this, but Linux iptables
> have shipped with ip_nat_sip and ip_conntrack_sip modules since kernel
> version 2.6.18. With these modules, Linux iptables will act as a SIP-aware
> NAT that opens the ports dynamically depending on what's exchanged in the
> signaling.
Err... and if you want to allow someone to connect to UDP port 5060 of
your boxm what iptables trick should you use?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list