<br><br><div class="gmail_quote">On Sat, May 14, 2011 at 7:51 PM, Bruce B <span dir="ltr"><<a href="mailto:bruceb444@gmail.com">bruceb444@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hi everyone,<div><br></div><div>I want to issue the command:</div><div><br></div><div>iptables -F</div><div><br></div><div>and then rebuild everything from the beginning with a very limited scope and then without locking myself block all other traffic. Can you suggest what I should put in the shell that would get me this:</div>
<div><br></div><div>Allow traffic from subnet <a href="http://172.16.0.0/24" target="_blank">172.16.0.0/24</a> (my VPN tunnels) - All traffic including those of Asterisk and HTTP - I trust this network</div><div>Allow traffic from subnet <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> (other side of VPN network) - All traffic including those of Asterisk and HTTP - I trust this network</div>
<div>Allow traffic from a single IP of the DID provider - 5060 TCP/UDP and 10000-10200 UDP</div><div>Allow VPN access on port 1194 UDP --- I have figured out that (<b>iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT</b>) works for this.</div>
<div><br></div><div><b>BLOCK all other traffic <----- Important most of all</b></div><div><br></div><div>Please note that from the subnets I want to allow every single port possible and all traffic. I especially have problems with getting a whole subnet to be able to access everything.</div>
<div><br></div><div>Thanks</div>
<br></blockquote><div><br>This question is probably better for a security or general Linux forum as it has very little to do with Asterisk. You have the port numbers correct.<br><br>You could try "man iptables"<br>
<br>This link should also answer all of your questions; I like the second link with fail2ban.<br><br>Please be sure to be a good community member and come back to post your results when you are done!<br><br>Thanks,<br>Steve Totaro <br>
</div></div>
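<p>A firewall script matching the policy Bruce asks for, added here as an example; it is not from the original thread or from either poster. The DID provider address is a placeholder, and the rules are loaded with iptables-restore so the whole set is applied atomically, with an ESTABLISHED,RELATED rule first, rather than flushing and then rebuilding rule by rule while logged in over the network.</p>

```shell
#!/bin/sh
# Added example (not from the thread). Default action is a dry run that prints
# the policy in iptables-restore format; pass --apply to load it atomically.
# Assumptions: DID_PROVIDER_IP is a placeholder to replace; the host only needs
# to protect INPUT (OUTPUT stays open); if it routes between the two subnets,
# FORWARD rules have to be added as well.

VPN_NET="172.16.0.0/24"        # VPN tunnel subnet, fully trusted
REMOTE_NET="192.168.1.0/24"    # other side of the VPN, fully trusted
DID_PROVIDER_IP="203.0.113.10" # placeholder: the DID provider's single IP
OPENVPN_PORT="1194"            # OpenVPN listens here on UDP

# Print the complete filter table. Default policy DROP on INPUT blocks
# everything not explicitly allowed; loopback and established connections
# come first so existing sessions (including the one applying this) survive.
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $VPN_NET -j ACCEPT
-A INPUT -s $REMOTE_NET -j ACCEPT
-A INPUT -s $DID_PROVIDER_IP -p udp --dport 5060 -j ACCEPT
-A INPUT -s $DID_PROVIDER_IP -p tcp --dport 5060 -j ACCEPT
-A INPUT -s $DID_PROVIDER_IP -p udp --dport 10000:10200 -j ACCEPT
-A INPUT -p udp --dport $OPENVPN_PORT -j ACCEPT
COMMIT
EOF
}

# Number of rules that match a given source address, useful for checking
# the generated policy before applying it.
count_rules_for() {
    build_rules | grep -c -- "-s $1 "
}

# Replace the running filter table in one step (needs root).
apply_rules() {
    build_rules | iptables-restore
}

case "${1:-}" in
    --apply) apply_rules ;;
    *) build_rules ;;
esac
```

Review the printed output first (`sh firewall.sh`), then load it with `sh firewall.sh --apply`; the trusted subnets get every port because their rules carry no `-p` or `--dport` match.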