[asterisk-users] Iptables configuration to handle brute force registrations?
Gordon Henderson
gordon+asterisk at drogon.net
Wed Apr 6 03:46:12 CDT 2011
On Tue, 5 Apr 2011, Steve Edwards wrote:
> On Tue, 5 Apr 2011, Gilles wrote:
>
>> I'm no expert of iptables, and it seems like it can handle banning
>> IP's that are trying to register and fail too many times.
>
>> Is there a good iptables configuration that I could use as reference?
>
> Gordon Henderson posted a link to his script that handled failures above a
> threshold and some other cool stuff a few months back.
>
> Try searching the archives.

Have a look at these:

http://unicorn.drogon.net/firewall

That's a very basic iptables firewall script. You cannot run this as-is,
you will need to change it.

This:

http://unicorn.drogon.net/firewall2

is a bit more complicated. It includes some more stateful rules to check
and automatically slow-down bulk connections. It's not perfect, but it
could be used as a starting point for your own thing. A word of warning
though - it's not suitable for light-weight/embedded devices. These rules
can result in significant kernel processing.

You may also wish to look at this:

http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system

It's a blog post by Andrey Filippov based on some of my work and some of
his own. It's all good stuff.

Gordon
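
The per-source throttling idea discussed in this thread, as an added example that is not part of the original post and is not taken from the linked scripts. The chain name SIP_THROTTLE, the list name sip, UDP port 5060 and the thresholds are assumptions; the function prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example: per-source throttle for SIP signalling using the iptables
# "recent" match. Chain name, list name, port and limits are assumptions.

IPT="${IPT:-echo iptables}"    # dry run by default; set IPT=iptables to apply
SIP_PORT="${SIP_PORT:-5060}"   # assumed SIP signalling port (UDP)
WINDOW="${WINDOW:-60}"         # seconds a source is remembered
HITCOUNT="${HITCOUNT:-10}"     # packets per source tolerated inside WINDOW

sip_throttle_rules() {
    trusted="${1:-}"           # optional CIDR (e.g. office LAN) that bypasses the throttle

    # Reject non-numeric or out-of-range limits before touching the firewall.
    # xt_recent has historically remembered 20 packets per address by default
    # (ip_pkt_list_tot); a larger --hitcount is rejected on such kernels.
    case "$HITCOUNT" in
        ''|*[!0-9]*) echo "HITCOUNT must be a number" >&2; return 1 ;;
    esac
    if [ "$HITCOUNT" -lt 1 ] || [ "$HITCOUNT" -gt 20 ]; then
        echo "HITCOUNT must be between 1 and 20" >&2
        return 1
    fi

    $IPT -N SIP_THROTTLE || return 1
    if [ -n "$trusted" ]; then
        $IPT -A SIP_THROTTLE -s "$trusted" -j RETURN || return 1
    fi
    # Over the limit: drop, and refresh the timestamp so the source stays
    # blocked until it has been quiet for WINDOW seconds.
    $IPT -A SIP_THROTTLE -m recent --name sip --update \
        --seconds "$WINDOW" --hitcount "$HITCOUNT" -j DROP || return 1
    # Under the limit: record the packet and hand it back to INPUT.
    $IPT -A SIP_THROTTLE -m recent --name sip --set -j RETURN || return 1
    # Send SIP signalling through the chain ahead of the rule that accepts it.
    $IPT -I INPUT -p udp --dport "$SIP_PORT" -j SIP_THROTTLE
}
```

Call `sip_throttle_rules 192.0.2.0/24` (constructed trusted range) to review the printed commands before applying them as root. The rules see packet rate only, not whether a registration failed, so banning on failed registrations still needs something that reads the Asterisk log.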