[asterisk-users] Iptables configuration to handle brute force registrations?
Pezhman Lali
lopl at lopl.net
Wed Apr 6 23:14:08 CDT 2011
fail2ban(opensource) is a good choice for you
best
On Wed, Apr 6, 2011 at 1:16 PM, Gordon Henderson <gordon+asterisk at drogon.net
> wrote:
> On Tue, 5 Apr 2011, Steve Edwards wrote:
>
> On Tue, 5 Apr 2011, Gilles wrote:
>>
>> I'm no expert of iptables, and it seems like it can handle banning
>>> IP's that are trying to register and fail too many times.
>>>
>>
>> Is there a good iptables configuration that I could use as reference?
>>>
>>
>> Gordon Henderson posted a link to his script that handled failures above a
>> threshold and some other cool stuff a few months back.
>>
>> Try searching the archives.
>>
>
> Have a look at these:
>
> http://unicorn.drogon.net/firewall
>
> That's a very basic iptables firewall script. You can not run this as-is,
> you will need to chang it.
>
> This:
>
> http://unicorn.drogon.net/firewall2
>
> is a bit more complicated. It includes some more stateful rules to check
> and automatically slow-down bulk connections. It's not perfect, but it could
> be used as a starting point for your own thing. A word of warning though -
> it's not suitable for light-weight/embedded devices. These rules can result
> in significant kernel processing.
>
> You may also wish to look at this:
>
> http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system
>
> It's a blog post by Andrey Filippov based on some of my work and some of
> his own. It's all good stuff.
>
> Gordon
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110407/299a994a/attachment.htm>
More information about the asterisk-users
mailing list