[asterisk-users] Am I being hacked?

Nick Khamis symack at gmail.com
Mon Aug 19 17:15:25 CDT 2013


#!/bin/bash
IPTABLES='/sbin/iptables'

#Set interface values
INTIF1='eth0'

# Set Limits
LIMIT="2/sec"
LOGLIMIT="5/min"
LIMITBURST="5"

#flush rules and delete chains
$IPTABLES -F
$IPTABLES -X

#echo -e "       - Dropping Forward Requests"
$IPTABLES -P FORWARD DROP

#echo -e "       - Dropping Input Requests"
$IPTABLES -P INPUT DROP

#echo -e "       - Dropping output requests"
$IPTABLES -P OUTPUT DROP

#echo -e "       - Accepting input lo traffic"
$IPTABLES -A INPUT -i lo -j ACCEPT

#echo -e "       - Accepting output lo traffic"
$IPTABLES -A OUTPUT -o lo -j ACCEPT

#echo -e "       - Defined Chains"
$IPTABLES -N ICMP
$IPTABLES -N TCP
$IPTABLES -N UDP
$IPTABLES -N LOGINPUT
$IPTABLES -N LOGOUTPUT

#echo -e "       - Accepting incoming SIP Traffic"
$IPTABLES -A UDP -p udp -m udp -s <local /24> --sport 5060 -d <asterisk server> --dport 5060 -j ACCEPT
$IPTABLES -A UDP -p udp -m udp -s <time warner ip> --sport 5060 -d <asterisk server> --dport 5060 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s 0.0.0.0/0 --sport 5060 -d <asterisk server> --dport 5060 -j DROP

#echo -e "       - Accepting outgoing SIP Traffic"
$IPTABLES -A UDP -p udp -m udp -s <asterisk server> --sport 5060 -d <local /24> --dport 5060 -j ACCEPT
$IPTABLES -A UDP -p udp -m udp -s <asterisk server> --sport 5060 -d <time warner sip server> --dport 5060 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <asterisk server> --sport 5060 -d 0.0.0.0/0 --dport 5060 -j DROP

RTP Traffic *may* or *may* not come from the same server as the SIP
messages. It also *may* or *may not* come from the server provider's
net mask or an underline either way, until you have determined this:

#echo -e "       - Accepting incoming RTP Traffic"
$IPTABLES -A UDP -p udp -m udp --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -d <asterisk server> --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <local /24> -d <asterisk server> --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <time warner> -d <asterisk server> --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s 0.0.0.0/0 -d <asterisk server> --dport 8000:65000 -j DROP

#echo -e "       - Accepting outgoing RTP Traffic"
$IPTABLES -A UDP -p udp -m udp --sport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <asterisk server> --sport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <asterisk server> -d <local /24> --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <asterisk server> -d <time warner> --dport 8000:65000 -j ACCEPT
# $IPTABLES -A UDP -p udp -m udp -s <asterisk server> -d 0.0.0.0/0 --dport 8000:65000 -j DROP

#echo -e "       - Accepting input ICMP, TCP, and UDP traffic to open ports"
$IPTABLES -A INPUT -i $INTIF1 -p icmp -j ICMP
$IPTABLES -A INPUT -i $INTIF1 -p tcp -j TCP
$IPTABLES -A INPUT -i $INTIF1 -p udp -j UDP

#echo -e "       - Accepting output ICMP, TCP, and UDP traffic to open ports"
$IPTABLES -A OUTPUT -o $INTIF1 -p icmp -j ICMP
$IPTABLES -A OUTPUT -o $INTIF1 -p tcp -j TCP
$IPTABLES -A OUTPUT -o $INTIF1 -p udp -j UDP

#echo -e "       - Logging Dropped Input Traffic"
$IPTABLES -A LOGINPUT -i $INTIF1 -p icmp -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "ICMP LOGINPUTDROP: " --log-tcp-options --log-i$
$IPTABLES -A LOGINPUT -i $INTIF1 -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "TCP LOGINPUTDRO$
$IPTABLES -A LOGINPUT -i $INTIF1 -p udp -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "UDP LOGINPUTDROP: " --log-tcp-options --log-ip-$
$IPTABLES -A LOGINPUT -i $INTIF1 -f -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "FRAGMENT LOGINPUTDROP: " --log-tcp-options --log-ip$
$IPTABLES -A LOGINPUT -j DROP

$IPTABLES -A INPUT -p icmp -i $INTIF1 -j LOGINPUT
$IPTABLES -A INPUT -p tcp  -i $INTIF1 -j LOGINPUT
$IPTABLES -A INPUT -p udp  -i $INTIF1 -j LOGINPUT

#echo -e "       - Logging Dropped Output Traffic"
$IPTABLES -A LOGOUTPUT -o $INTIF1 -p icmp -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "ICMP LOGOUTPUTDROP: " --log-tcp-options --log$
$IPTABLES -A LOGOUTPUT -o $INTIF1 -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "TCP LOGOUTPUTD$
$IPTABLES -A LOGOUTPUT -o $INTIF1 -p udp -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "UDP LOGOUTPUTDROP: " --log-tcp-options --log-i$
$IPTABLES -A LOGOUTPUT -o $INTIF1 -f -m limit --limit $LOGLIMIT --limit-burst $LIMITBURST -j LOG --log-prefix "FRAGMENT LOGOUTPUTDROP: " --log-tcp-options --log-$
$IPTABLES -A LOGOUTPUT -j DROP

$IPTABLES -A OUTPUT -p icmp -o $INTIF1 -j LOGOUTPUT
$IPTABLES -A OUTPUT -p tcp  -o $INTIF1 -j LOGOUTPUT
$IPTABLES -A OUTPUT -p udp  -o $INTIF1 -j LOGOUTPUT

#echo -e "       - Rejecting input TCP and UDP traffic to closed ports"
$IPTABLES -A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
$IPTABLES -A INPUT -i $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable

#echo -e "       - Rejecting output TCP and UDP traffic to closed ports"
$IPTABLES -A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst
$IPTABLES -A OUTPUT -o $INTIF1 -p udp -j REJECT --reject-with icmp-port-unreachable

#echo -e "       - Rejecting input traffic to remaining protocols sent to closed ports"
$IPTABLES -A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable

#echo -e "       - Rejecting output traffic to remaining protocols sent to closed ports"
$IPTABLES -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable

#echo -e "       - Rejecting output traffic to remaining protocols sent to closed ports"
$IPTABLES -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable

Thank you come again,

Nick from Toronto
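
The post leaves the source of RTP open and accepts UDP to ports 8000:65000 from anywhere until that is determined. The script below is an added example, not part of the original post: it tallies the senders of such traffic from iptables LOG output and marks those outside the expected networks. It assumes a LOG rule with the hypothetical prefix "RTP SEEN: " sits ahead of the wide ACCEPT rule; the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: tally the sources of UDP traffic to the RTP port range.
# Constructed sample lines in iptables LOG format; "RTP SEEN: " is a
# hypothetical --log-prefix and the addresses are documentation ranges.
SAMPLE_LOG='kernel: RTP SEEN: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.5 PROTO=UDP SPT=16384 DPT=10002 LEN=180
kernel: RTP SEEN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=UDP SPT=20010 DPT=14522 LEN=180
kernel: RTP SEEN: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.5 PROTO=UDP SPT=40000 DPT=10002 LEN=180
kernel: RTP SEEN: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.5 PROTO=UDP SPT=40002 DPT=10004 LEN=180
kernel: RTP SEEN: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.5 PROTO=UDP SPT=5060 DPT=5060 LEN=420
kernel: RTP SEEN: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP SPT=51000 DPT=22 LEN=60'

# rtp_sources "<cidr> <cidr> ..." < logfile
# Prints "<packets> <source> <known|UNKNOWN>" for each sender of UDP to
# ports 8000-65000 (the range used in the post), busiest sender first.
rtp_sources() {
    awk -v nets="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,   p, size) {
        split(cidr, p, "/")
        size = 2 ^ (32 - p[2])          # number of addresses in the block
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    /PROTO=UDP/ {
        src = ""; dpt = -1
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5) + 0
        }
        if (src != "" && dpt >= 8000 && dpt <= 65000) seen[src]++
    }
    END {
        n = split(nets, net, " ")
        for (s in seen) {
            tag = "UNKNOWN"
            for (k = 1; k <= n; k++) if (in_net(s, net[k])) tag = "known"
            print seen[s], s, tag
        }
    }' | sort -k1,1nr -k2,2
}

# Expected networks here stand in for <local /24> and the provider address.
printf '%s\n' "$SAMPLE_LOG" | rtp_sources "192.0.2.0/24 198.51.100.7/32"
```

Sources tagged UNKNOWN are the ones to account for before the wide ACCEPT is replaced with the per-source rules that are commented out in the script.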


