fail2ban(opensource) is a good choice for you<div>best<br><br><div class="gmail_quote">On Wed, Apr 6, 2011 at 1:16 PM, Gordon Henderson <span dir="ltr"><<a href="mailto:gordon%2Basterisk@drogon.net">gordon+asterisk@drogon.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Tue, 5 Apr 2011, Steve Edwards wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, 5 Apr 2011, Gilles wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm no expert of iptables, and it seems like it can handle banning IP's that are trying to register and fail too many times.<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is there a good iptables configuration that I could use as reference?<br>
</blockquote>
<br>
Gordon Henderson posted a link to his script that handled failures above a threshold and some other cool stuff a few months back.<br>
<br>
Try searching the archives.<br>
</blockquote>
<br></div>
Have a look at these:<br>
<br>
<a href="http://unicorn.drogon.net/firewall" target="_blank">http://unicorn.drogon.net/firewall</a><br>
<br>
That's a very basic iptables firewall script. You can not run this as-is, you will need to chang it.<br>
<br>
This:<br>
<br>
<a href="http://unicorn.drogon.net/firewall2" target="_blank">http://unicorn.drogon.net/firewall2</a><br>
<br>
is a bit more complicated. It includes some more stateful rules to check and automatically slow-down bulk connections. It's not perfect, but it could be used as a starting point for your own thing. A word of warning though - it's not suitable for light-weight/embedded devices. These rules can result in significant kernel processing.<br>
<br>
You may also wish to look at this:<br>
<br>
<a href="http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system" target="_blank">http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system</a><br>
<br>
It's a blog post by Andrey Filippov based on some of my work and some of his own. It's all good stuff.<br><font color="#888888">
<br>
Gordon</font><div><div></div><div class="h5"><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br></div>