<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} .ms-cui-menu {background-color:#ffffff;border:1px rgb(171, 171, 171) solid;font-family:'Segoe UI WPC', 'Segoe UI', Tahoma, 'Microsoft Sans Serif', Verdana, sans-serif;font-size:11pt;color:rgb(51, 51, 51);} .ms-cui-menusection-title {display:none;} .ms-cui-ctl {vertical-align:text-top;text-decoration:none;color:rgb(51, 51, 51);} .ms-cui-ctl-on {background-color:rgb(223, 237, 250);opacity: 0.8;} .ms-cui-img-cont-float {display:inline-block;margin-top:2px} .ms-cui-smenu-inner {padding-top:0px;} .ms-owa-paste-option-icon {margin: 2px 4px 0px 4px;vertical-align:sub;padding-bottom: 2px;display:inline-block;} .ms-rtePasteFlyout-option:hover {background-color:rgb(223, 237, 250) !important;opacity:1 !important;} .ms-rtePasteFlyout-option {padding:8px 4px 8px 4px;outline:none;} .ms-cui-menusection {float:left; width:85px;height:24px;overflow:hidden}--></style>
</head>
<body>
<div style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>If you know your users are all from with your country, or state, or even city, you could restrict geographic access in your secast.conf file like this:<br>
</p>
<p><br>
</p>
<p>ruledefault=deny<br>
</p>
<div>ruleexceptions=NA:CA:Ontario:|<span style="font-size: 12pt;">NA:US:Michigan:Detroit|::Ohio:|NA</span></div>
<div><span style="font-size: 12pt;"><br>
</span></div>
<div><span style="font-size: 12pt;">The above would:</span></div>
<div><span style="font-size: 12pt;">- By default deny all source IP's anywhere in the world</span></div>
<div><span style="font-size: 12pt;">- Let in only source IP's from:</span></div>
<div><span style="font-size: 12pt;">1. North America (continent), Canada (country), Ontario (region)</span></div>
<div><span style="font-size: 12pt;">2. North America (continent), USA (country), Michigan (region), Detroit (city)</span></div>
<div><span style="font-size: 12pt;">3. Any region called 'Ohio' anywhere in the world (not sure why you would do that but fun example)</span></div>
<div><span style="font-size: 12pt;">4. Anywhere in North America</span></div>
<div><span style="font-size: 12pt;"><br>
</span></div>
<div><span style="font-size: 12pt;">So you can open up your system based solely on where you know your real users are located.</span></div>
<div><br>
</div>
<p>-=Michelle=-<br>
</p>
<p><br>
</p>
<div style="color: #282828;">
<hr tabindex="-1" style="display: inline-block; width: 98%;">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size: 11pt;"><b>From:</b> asterisk-users-bounces@lists.digium.com <asterisk-users-bounces@lists.digium.com> on behalf of motty cruz <motty.cruz@gmail.com><br>
<b>Sent:</b> Friday, April 4, 2014 11:15 AM<br>
<b>To:</b> Asterisk Users List<br>
<b>Subject:</b> Re: [asterisk-users] Asterisk 1.6</font>
<div> </div>
</div>
<div>
<div dir="ltr">Hello Ishfaq, outside users usually travel around the country and connect from different network, so it won't be possible to lock it down to specific IP.
<div><br>
</div>
<div>Thanks for your support. </div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Apr 4, 2014 at 8:03 AM, Ishfaq Malik <span dir="ltr">
<<a href="mailto:ish@pack-net.co.uk" target="_blank">ish@pack-net.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: #cccccc; border-left-style: solid; padding-left: 1ex;">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">
<div>On 4 April 2014 15:22, motty cruz <span dir="ltr"><<a href="mailto:motty.cruz@gmail.com" target="_blank">motty.cruz@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: #cccccc; border-left-style: solid; padding-left: 1ex;">
<div dir="ltr">thank you all for your support. I am using Linux, I only have about 7 users outside our home network. I will learn fail2ban and will use it accordingly.
<div><br>
</div>
<div>again Thanks for your support. </div>
</div>
<div>
<div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote"><br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div>Do the 7 users outside of your home network always connect from the same IP addresses? If so, you can just lock down your SIP port to those 7 IPs explicitly in your IPTables configuration.</div>
<div><br>
</div>
<div>Another option would be to change which port you're running SIP on. </div>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<pre>Ishfaq Malik
Department: VOIP Support
Company: Packnet Limited
t: <a href="tel:%2B44%20%280%29845%20004%204994" value="+448450044994" target="_blank">+44 (0)845 004 4994</a>
f: <a href="tel:%2B44%20%280%29161%20660%209825" value="+441616609825" target="_blank">+44 (0)161 660 9825</a>
e: <a href="mailto:ish@pack-net.co.uk" target="_blank">ish@pack-net.co.uk</a>
w: <a href="http://www.pack-net.co.uk/" target="_blank">http://www.pack-net.co.uk</a>
Registered Address: PACKNET LIMITED, Duplex 2, Ducie House
37 Ducie Street
Manchester, M1 2JW
COMPANY REG NO. 04920552
</pre>
</div>
</div>
</div>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">
http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</body>
</html>