<div>David,</div>
<div>Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work because the server host other services such as ssh http that are open to any IP as long as the user has the correct credentials. Doesn't asterisk itself has built in security filters?</div>
<div> </div>
<div>If the only choice is to do in the OS's firewall, then I will need to include the port numbers of SIP, IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IP's.</div>
<div>Thanks.<br><br></div>
<div class="gmail_quote">On Sat, Feb 7, 2009 at 9:29 AM, David fire <span dir="ltr"><<a href="mailto:ddfire@gmail.com">ddfire@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">you have many options but you should use it together.<br>firewall<br><br>in the user/peers definitions add host=<ip><br>
and/or <br>deny=<a href="http://0.0.0.0/0.0.0.0" target="_blank">0.0.0.0/0.0.0.0</a><br>permit=<ip>/<mask> <br><br>change the ip of your server.<br><br>use something like ossec to avoid force brute.<br><br>David<br>
<br>
<div class="gmail_quote">2009/2/6 oumar ndiaye <span dir="ltr"><<a href="mailto:ond4444@gmail.com" target="_blank">ond4444@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div class="Ih2E3d">
<div>Is there a way to restrict connection to my asterisk server to users based on their IP addresses, and not just password. I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shutdown the server for now until I find a solution. ANY HELP?<br clear="all">
</div>
<div>Thanks.<br>ond</div><br></div>_______________________________________________<br>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">http://www.api-digital.com</a> --<br><br>
asterisk-users mailing list<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote></div><font color="#888888"><br><br clear="all"><br>-- <br>(\__/) <br>(='.'=)This is Bunny. Copy and paste bunny into your <br>(")_(")signature to help him gain world domination. <br><br></font><br>
_______________________________________________<br>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">http://www.api-digital.com</a> --<br><br>asterisk-users mailing list<br>To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br><br clear="all"><br>-- <br>Oumar Ndiaye<br>CTO<br>ANTG Telecom<br>
<a href="http://www.antg.com">www.antg.com</a><br><a href="mailto:ondiaye@antg.com">ondiaye@antg.com</a><br><a href="mailto:ondiaye@alum.mit.edu">ondiaye@alum.mit.edu</a><br><a href="mailto:ond4444@gmail.com">ond4444@gmail.com</a><br>
Tel: +1-919-291-8742<br><br>