[asterisk-users] Asterisk 1.6
Michelle Dupuis
mdupuis at ocg.ca
Fri Apr 4 10:25:52 CDT 2014
If you know your users are all from with your country, or state, or even city, you could restrict geographic access in your secast.conf file like this:
ruledefault=deny
ruleexceptions=NA:CA:Ontario:|NA:US:Michigan:Detroit|::Ohio:|NA
The above would:
- By default deny all source IP's anywhere in the world
- Let in only source IP's from:
1. North America (continent), Canada (country), Ontario (region)
2. North America (continent), USA (country), Michigan (region), Detroit (city)
3. Any region called 'Ohio' anywhere in the world (not sure why you would do that but fun example)
4. Anywhere in North America
So you can open up your system based solely on where you know your real users are located.
-=Michelle=-
________________________________
From: asterisk-users-bounces at lists.digium.com <asterisk-users-bounces at lists.digium.com> on behalf of motty cruz <motty.cruz at gmail.com>
Sent: Friday, April 4, 2014 11:15 AM
To: Asterisk Users List
Subject: Re: [asterisk-users] Asterisk 1.6
Hello Ishfaq, outside users usually travel around the country and connect from different network, so it won't be possible to lock it down to specific IP.
Thanks for your support.
On Fri, Apr 4, 2014 at 8:03 AM, Ishfaq Malik <ish at pack-net.co.uk<mailto:ish at pack-net.co.uk>> wrote:
On 4 April 2014 15:22, motty cruz <motty.cruz at gmail.com<mailto:motty.cruz at gmail.com>> wrote:
thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly.
again Thanks for your support.
Do the 7 users outside of your home network always connect from the same IP addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration.
Another option would be to change which port you're running SIP on.
--
Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: +44 (0)845 004 4994<tel:%2B44%20%280%29845%20004%204994>
f: +44 (0)161 660 9825<tel:%2B44%20%280%29161%20660%209825>
e: ish at pack-net.co.uk<mailto:ish at pack-net.co.uk>
w: http://www.pack-net.co.uk<http://www.pack-net.co.uk/>
Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com<http://www.api-digital.com/> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140404/aafb4e75/attachment.html>
More information about the asterisk-users
mailing list