[asterisk-users] Firewalling and Asterisk

Steve Totaro stotaro at totarotechnologies.com
Mon Nov 29 10:47:00 CST 2010


On Sun, Nov 28, 2010 at 12:24 PM, Steve Edwards
<asterisk.org at sedwards.com> wrote:
> On Sun, 28 Nov 2010, Silver Thorne wrote:
>
>> I have noticed lately that there have been several attempts to hack our
>> Asterisk server.
>>
>> So, I am wondering if anyone has a firewall/IP tables statement that
>> keeps out unauthorised users?
>
> 0) Read the list archives, this comes up weekly.
>
> 1) Determine who (in terms of external IP addresses) should be allowed to
> connect to your server.
>
> 2) Create a list of iptables commands to allow those IP addresses.
>
> 3) Deny everybody else.
>
> 4) Use 'fail2ban' or something similar to detect abusive addresses and
> block them, if only for an [hour|day|week] or so.
>
> Even if you have 'mobile' users who 'need to connect from everywhere' you
> can probably define 'everywhere' a bit better like 'not from North Korea'
> or 'not from Africa' -- with suitable apologies to readers from North
> Korea or Africa.
>
> --
> Thanks in advance,
> -------------------------------------------------------------------------
> Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
> Newline                                              Fax: +1-760-731-3000
>

I agree with Steve; this is the safest way to tackle it.  For the road
warriors that demand an extension, I use SNOM 370VPN if they want to
carry around a real phone, or OpenVPN X-Lite on their laptops.

Thanks,
Steve T
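
Steps 1 to 3 of the quoted reply (allow known addresses, deny everybody else), sketched as an added example that is not part of the original thread. The addresses, the chain name VOIP-IN and the port choices (SIP on UDP 5060, RTP on UDP 10000-20000) are assumptions; the script only prints the iptables commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the thread: build a default-deny allowlist for
# Asterisk's UDP ports. All values below are assumptions to adapt.
ALLOWED="203.0.113.0/24 198.51.100.7"  # constructed sample sources (RFC 5737)
SIP_PORT=5060                          # SIP signalling over UDP
RTP_RANGE=10000:20000                  # media ports; match your rtp.conf
CHAIN=VOIP-IN                          # hypothetical chain name

# Syntactic check only: dotted quad with optional /0-32 prefix. Anything
# else is rejected so a typo never ends up as an iptables argument.
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the rule set for the sources given as arguments.
gen_rules() {
    # Validate everything first so a partial rule set is never emitted.
    for src in "$@"; do
        if ! valid_src "$src"; then
            echo "invalid source: $src" >&2
            return 1
        fi
    done
    # Create the chain, or empty it if it already exists.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    # Step 2: allow each known address. Media can arrive from a different
    # address than signalling, so list provider media hosts as well.
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -p udp --dport $SIP_PORT -j ACCEPT"
        echo "iptables -A $CHAIN -s $src -p udp --dport $RTP_RANGE -j ACCEPT"
    done
    # Step 3: deny everybody else.
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT last, once it is complete.
    echo "iptables -I INPUT -p udp -m multiport --dports $SIP_PORT,$RTP_RANGE -j $CHAIN"
}

# Review the output, then pipe it to sh as root to apply it.
gen_rules $ALLOWED
```
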


