[asterisk-users] Security issue
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Feb 9 05:29:01 CST 2009
On Mon, Feb 09, 2009 at 11:09:34AM +0000, Geraint Lee wrote:
> what about something along the lines of...
>
> iptables -A INPUT -p udp --dport 5060 -j DROP
> iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT
> iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT
> iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT
Err... I guess you meant:
iptables -A INPUT -p udp -s 192.168.0.0/24 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/8 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -s 66.66.66.66 --dport 5060 -j ACCEPT
# only if previous three did not match:
iptables -A INPUT -p udp --dport 5060 -j DROP
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list