Hello, if you don't know iptables that much and would like to see a more "user-friendly" configuration method, I suggest you use Shorewall, which is very flexible, has some clear logs, and generates the same iptables rules behind the scenes.<br>
<br><div class="gmail_quote">2009/2/8 David fire <span dir="ltr"><<a href="mailto:ddfire@gmail.com">ddfire@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
deny/permit are in sip.conf and iax.conf<br>David<br><br><div class="gmail_quote">2009/2/7 oumar ndiaye <span dir="ltr"><<a href="mailto:ondiaye@antg.com" target="_blank">ondiaye@antg.com</a>></span><div><div></div>
<div class="Wj3C7c"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>David,</div>
<div>Thanks in advance. Where do I change the user/peers definition? Is it in the firewall of the OS? In that case that won't work, because the server hosts other services such as ssh and http that are open to any IP as long as the user has the correct credentials. Doesn't Asterisk itself have built-in security filters?</div>
<div> </div>
<div>If the only choice is to do it in the OS's firewall, then I will need to include the port numbers of SIP and IAX in my firewall rules. In this case, which ports should I block to keep unwanted SIP/IAX connections from specific IPs?</div>
<div>Thanks.<br><br></div><div><div></div><div>
<div class="gmail_quote">On Sat, Feb 7, 2009 at 9:29 AM, David fire <span dir="ltr"><<a href="mailto:ddfire@gmail.com" target="_blank">ddfire@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">You have many options, but you should use them together.<br>firewall<br><br>in the user/peers definitions add host=<ip><br>
and/or <br>deny=<a href="http://0.0.0.0/0.0.0.0" target="_blank">0.0.0.0/0.0.0.0</a><br>permit=<ip>/<mask> <br><br>change the ip of your server.<br><br>use something like ossec to avoid brute force.<br><br>David<br>
<br>
<div class="gmail_quote">2009/2/6 oumar ndiaye <span dir="ltr"><<a href="mailto:ond4444@gmail.com" target="_blank">ond4444@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div>Is there a way to restrict connections to my Asterisk server to users based on their IP addresses, and not just password? I have some hackers who connect to my server to make illegitimate solicitation calls to people. I had to shut down the server for now until I find a solution. ANY HELP?<br clear="all">
</div>
<div>Thanks.<br>ond</div><br></div>_______________________________________________<br>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">http://www.api-digital.com</a> --<br><br>
asterisk-users mailing list<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote></div><font color="#888888"><br><br clear="all"><br>-- <br>(\__/) <br>(='.'=)This is Bunny. Copy and paste bunny into your <br>(")_(")signature to help him gain world domination. <br><br></font><br>
</blockquote></div><br><br clear="all"><br>-- <br></div></div><font color="#888888">Oumar Ndiaye<br>
CTO<br>ANTG Telecom<br>
<a href="http://www.antg.com" target="_blank">www.antg.com</a><br><a href="mailto:ondiaye@antg.com" target="_blank">ondiaye@antg.com</a><br><a href="mailto:ondiaye@alum.mit.edu" target="_blank">ondiaye@alum.mit.edu</a><br>
<a href="mailto:ond4444@gmail.com" target="_blank">ond4444@gmail.com</a><br>
Tel: <a>+1-919-291-8742</a><br><br>
</font><br>
</blockquote></div></div></div><div><div></div><div class="Wj3C7c"><br><br clear="all">
</div></div><br>
</blockquote></div><br>
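The host=, deny= and permit= settings mentioned in this thread, written out as a configuration sketch. This is an added example, not posted by anyone in the thread; the peer names, secrets and addresses (documentation ranges) are placeholders, and the port numbers are the Asterisk defaults.

```ini
; ---- sip.conf (constructed sample; names and addresses are placeholders) ----
[general]
bindport=5060            ; SIP signalling listens on UDP 5060 by default

; Password only: any source address that guesses the secret can register
; and place calls through this peer.
[office-phone-weak]
type=friend
host=dynamic
secret=CHANGE_ME
context=internal

; Password plus source-address ACL. Rules are read top to bottom and the
; last matching rule decides, so deny everything first, then permit.
[office-phone]
type=friend
host=dynamic
secret=CHANGE_ME
context=internal
deny=0.0.0.0/0.0.0.0
permit=203.0.113.0/255.255.255.0        ; office network
permit=198.51.100.10/255.255.255.255    ; one remote user

; ---- iax.conf (same deny/permit syntax) ----
[general]
bindport=4569            ; IAX2 listens on UDP 4569 by default

[branch-trunk]
type=friend
host=198.51.100.20       ; fixed peer address instead of host=dynamic
secret=CHANGE_ME
deny=0.0.0.0/0.0.0.0
permit=198.51.100.20/255.255.255.255
```

UDP 5060 and UDP 4569 are also the ports to restrict by source address in the OS firewall, which leaves ssh and http rules untouched.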