[asterisk-users] A new hack?

Tom Browning ttbrowning at gmail.com
Mon Nov 28 09:57:17 CST 2011


On Sun, Nov 27, 2011 at 8:47 AM, Gordon Henderson
<gordon+asterisk at drogon.net> wrote:
> Linux has excellent built-in subsystems to control firewalling and so on
> without resorting to external programs. It's called iptables. If you know
> how to use them, then using an external resource such as fail2ban is
> unnecessary.

That's like saying you don't need FreePBX because you have this thing
called Asterisk.

Though I've never used Fail2Ban, it is an excellent example of
"middleware" that looks at application level events and feeds updates
to iptables.

So the important blocking is happening in kernel mode, not userland.

Your example:

> For example, with iptables rules you can say something like: If a
> connection from a remote site to a local port happens more than (say)
> once a second then drop that connection.

doesn't always work well for some applications.  Ever look at WebDAV
traffic?  Code me an iptables rule that figures out someone is doing
bad things via WebDAV :-)
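The "middleware" pattern described above (watch application-level events, feed the verdict to iptables), as an added illustration that is not part of this thread: a small fail2ban-style checker that reads Asterisk chan_sip "Registration ... failed" notices, counts failures per source address inside a time window, and builds the iptables commands a ban action would run. The log line format, the `maxretry`/`findtime` names and the sample log are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the chan_sip failed-registration NOTICE assumed for this example;
# adjust the pattern to what the local Asterisk actually logs.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'[^']*' failed for '(?P<ip>\d+\.\d+\.\d+\.\d+):\d+' - (?P<why>.*)$"
)

def parse_failures(lines, year=2011):
    """Yield (timestamp, source_ip) for every failed-registration line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an application-level failure event
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")

def offenders(lines, maxretry=5, findtime=600):
    """Return source IPs with >= maxretry failures inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)  # ip -> timestamps still inside the window
    banned = set()
    for ts, ip in sorted(parse_failures(lines)):
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:  # expire old events
            hits.pop(0)
        if len(hits) >= maxretry:
            banned.add(ip)
    return banned

def ban_commands(ips, chain="INPUT"):
    """Kernel-side block a fail2ban-style action would issue (built, not executed)."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(ips)]

def _line(ts, ip, why="Wrong password"):
    # Helper to build constructed sample log lines (documentation IP ranges).
    return (f"[{ts}] NOTICE[1234] chan_sip.c: Registration from "
            f"'\"100\" <sip:100@192.0.2.10>' failed for '{ip}:5060' - {why}")

SAMPLE_LOG = [_line(f"Nov 28 09:5{i}:0{i}", "203.0.113.5") for i in range(6)] + [
    _line("Nov 28 09:10:00", "198.51.100.7", "No matching peer found"),
    _line("Nov 28 09:40:00", "198.51.100.7", "No matching peer found"),
    "[Nov 28 09:55:00] VERBOSE[1234] -- Registered SIP '100' at 192.0.2.10:5060",
]

if __name__ == "__main__":
    for cmd in ban_commands(offenders(SAMPLE_LOG)):
        print(cmd)  # 203.0.113.5 trips the threshold; 198.51.100.7 does not
```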
