[asterisk-users] Can't block intrusion

Larry Moore lmoore at starwon.com.au
Wed Apr 1 17:37:10 CDT 2020

On 2/04/2020 5:39 AM, Larry Moore wrote:
> On 2/04/2020 5:28 AM, Mark Boyce wrote:
>> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com 
>> <mailto:gdt at lexort.com>> wrote:
>>> I think you need to use tcpdump and turn up firewall debugging.
>> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
>> Mark
> Or the stateful entry still exists when the table entry is updated.
> Does your script also issue a command to kill existing states from 
> that host after it has updated the table, e.g.  pfctl -k
> Larry.

Hmm, missed that in your original post. Could 'pfctl -K' be of help, I 
would suggest either removing 'quick' from your 'pass' rule or placing 
that line after the 'block' rules.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200402/3ef3e9b9/attachment.html>

More information about the asterisk-users mailing list