[asterisk-users] iptables for Asterisk - Any good guides out there?

Steve Totaro stotaro at asteriskhelpdesk.com
Sun May 15 04:03:40 CDT 2011


On Sat, May 14, 2011 at 7:51 PM, Bruce B <bruceb444 at gmail.com> wrote:

> Hi everyone,
>
> I want to issue the command:
>
> iptables -F
>
> and then rebuild everything from the beginning with a very limited scope
> and then without locking myself block all other traffic. Can you suggest
> what I should put in the shell that would get me this:
>
> Allow traffic from subnet 172.16.0.0/24      (my VPN tunnels) - All
> traffic including those of Asterisk and HTTP - I trust this network
> Allow traffic from subnet 192.168.1.0/24    (other side of VPN network) -
> All traffic including those of Asterisk and HTTP - I trust this network
> Allow traffic from single IP of DID provider     - 5060 TCP/UDP and
> 10000-10200 UDP
> Allow VPN access on port 1194 UDP   --- I have that figured out to be (*iptables
> -A INPUT -p udp -m udp --dport 1194 -j ACCEPT*) works for this.
>
> *BLOCK all other traffic <----- Important most of all*
>
> Please note that from the subnets I want to allow every single port
> possible and all traffic. I specially have problems with getting a whole
> subnet be able to access everything.
>
> Thanks
>
>
This question is probably better for a security or general Linux forum as it
has very little to do with Asterisk.  You have the port numbers correct.

You could try "man iptables"

This link should also answer all of your questions, I like the second link
with fail2ban.

Please be sure to be a good community member and come back to post your
results when you are done!

Thanks,
Steve Totaro
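
The policy described in the question, written as an added example that is not part of the original thread: loading the whole ruleset through iptables-restore replaces the flush and the new rules in one commit, so there is no window where the default DROP is active without the ACCEPT rules. The DID_IP address is a constructed placeholder, VPN_IF is an optional hypothetical variable for pinning the trusted subnets to the tunnel interface, and leaving FORWARD at ACCEPT is an assumption because the question only describes traffic to the host itself.

```shell
#!/bin/sh
# Added example: emit the question's policy in iptables-restore format.

# Constructed placeholder (TEST-NET-3 range); replace with the DID provider's address.
DID_IP="${DID_IP:-203.0.113.10}"
# Assumption: when set (e.g. tun0), the trusted subnets are accepted only on that
# interface, so a spoofed 172.16.0.x source arriving on the public side is dropped.
VPN_IF="${VPN_IF:-}"

build_ruleset() {
    in_if=""
    if [ -n "$VPN_IF" ]; then
        in_if="-i $VPN_IF "
    fi
    cat <<EOF
*filter
# Default-deny inbound; everything not matched below is dropped.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Trusted VPN subnets: all ports, all protocols.
-A INPUT ${in_if}-s 172.16.0.0/24 -j ACCEPT
-A INPUT ${in_if}-s 192.168.1.0/24 -j ACCEPT
# DID provider: SIP signalling and the RTP range only.
-A INPUT -s $DID_IP -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s $DID_IP -p tcp -m tcp --dport 5060 -j ACCEPT
-A INPUT -s $DID_IP -p udp -m udp --dport 10000:10200 -j ACCEPT
# VPN endpoint, reachable from anywhere.
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
EOF
}

# print: show the ruleset; check: parse without committing; apply: load it (root).
case "${1:-}" in
    print) build_ruleset ;;
    check) build_ruleset | iptables-restore --test ;;
    apply) build_ruleset | iptables-restore ;;
esac
```

Run it with `check` before `apply`, and keep a console or out-of-band session open the first time the ruleset is loaded on a remote machine.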