[asterisk-users] Firewalling and Asterisk
Steve Edwards
asterisk.org at sedwards.com
Sun Nov 28 11:24:38 CST 2010
On Sun, 28 Nov 2010, Silver Thorne wrote:
> I have noticed lately that there have been several attempts to hack our
> Asterisk server.
>
> So, I am wondering if anyone has a firewall/IP tables statement that
> keep out unauthorised users?
0) Read the list archives, this comes up weekly.
1) Determine who (in terms of external IP addresses) should be allowed to
connect to your server.
2) Create a list of iptables commands to allow those IP addresses.
3) Deny everybody else.
4) Use 'fail2ban' or something similar to detect abusive addresses and
block them, if only for an [hour|day|week] or so.
Even if you have 'mobile' users who 'need to connect from everywhere' you
can probably define 'everywhere' a bit better like 'not from North Korea'
or 'not from Africa' -- with suitable apologies to readers from North
Korea or Africa.
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list