[asterisk-users] Brute force attacks
A J Stiles
asterisk_list at earthshod.co.uk
Fri Jul 2 11:41:12 CDT 2010
On Friday 02 Jul 2010, Ira wrote:
> At 11:14 PM 7/1/2010, you wrote:
> >Same activity from these IPs:
> >174.129.137.135
>
> Given that my Asterisk box is used for nothing but Asterisk and I
> know the small number of IPs that need to have access is there an
> easy way to use iptables to block everything but those 6 IPs and
> provider addresses?
Yes, dead easy! Just configure iptables to accept IAX traffic (TCP and UDP
port 4569) only from trusted IP addresses, and drop it from anywhere else.
Here I am assuming eth0 is the "outside" connection, and the permitted IP
addresses are 10.11.12.13 and 10.11.12.14.
# accept IAX traffic (port 4569) from 10.11.12.13
iptables -A FORWARD -s 10.11.12.13/32 -i eth0 -p tcp -m tcp --dport 4569 -j ACCEPT
iptables -A FORWARD -s 10.11.12.13/32 -i eth0 -p udp -m udp --dport 4569 -j ACCEPT
# accept IAX traffic (port 4569) from 10.11.12.14
iptables -A FORWARD -s 10.11.12.14/32 -i eth0 -p tcp -m tcp --dport 4569 -j ACCEPT
iptables -A FORWARD -s 10.11.12.14/32 -i eth0 -p udp -m udp --dport 4569 -j ACCEPT
# drop all other IAX traffic
iptables -A FORWARD -i eth0 -p udp -m udp --dport 4569 -j DROP
iptables -A FORWARD -i eth0 -p tcp -m tcp --dport 4569 -j DROP
Obviously if the "permitted" connection addresses fall neatly into a block,
you can use fewer rules :) If there are a few addresses in the block that
shouldn't be permitted, put one or more DROP rules first for those addresses,
then an ACCEPT rule for (the rest of) the block, then another DROP rule.
--
AJS
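
The rule ordering described in the last paragraph of the message above (DROP the exceptions, ACCEPT the block, DROP the rest), as an added example that is not part of the original post: it prints the rules instead of loading them and dry-runs a source address against them with first-match semantics. The helper names and the 192.0.2.0/28 block with its two excluded addresses are constructed placeholders; CHAIN stays FORWARD as in the post, which filters traffic routed through a separate firewall, while rules loaded on the Asterisk host itself would go in INPUT.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are constructed
# placeholders from the RFC 5737 documentation ranges.
CHAIN=FORWARD   # as in the post; INPUT when filtering on the PBX itself
IFACE=eth0
PORT=4569

# Emit rules in the order the post describes: exceptions, block, catch-all.
gen_rules() {   # usage: gen_rules BLOCK/PREFIX [EXCLUDED_IP ...]
    block=$1; shift
    for proto in udp tcp; do
        for ip in "$@"; do
            echo "iptables -A $CHAIN -s $ip/32 -i $IFACE -p $proto -m $proto --dport $PORT -j DROP"
        done
        echo "iptables -A $CHAIN -s $block -i $IFACE -p $proto -m $proto --dport $PORT -j ACCEPT"
        echo "iptables -A $CHAIN -i $IFACE -p $proto -m $proto --dport $PORT -j DROP"
    done
}

ip2int() {      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {     # usage: in_cidr IP NET/PREFIX ; exit status 0 on match
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# Dry run: the first matching rule decides, as in iptables chain traversal.
# Only -s and -p are modelled; all generated rules share -i and --dport.
verdict() {     # usage: verdict SRC_IP PROTO ; rules are read from stdin
    src_ip=$1; want=$2
    while read -r line; do
        set -- $line; src=0.0.0.0/0; proto=; target=
        while [ $# -gt 0 ]; do
            case $1 in -s) src=$2 ;; -p) proto=$2 ;; -j) target=$2 ;; esac
            shift
        done
        if [ "$proto" = "$want" ] && in_cidr "$src_ip" "$src"; then
            echo "$target"; return
        fi
    done
    echo NO-MATCH
}

RULES=$(gen_rules 192.0.2.0/28 192.0.2.5 192.0.2.9)
echo "$RULES"
echo "192.0.2.5/udp -> $(echo "$RULES" | verdict 192.0.2.5 udp)"
```

Swapping the ACCEPT line above the per-address DROP lines in gen_rules makes verdict return ACCEPT for the excluded addresses, which is the mistake the ordering in the post avoids.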