[asterisk-biz] 87.230.80.186 - Trying to register (Zeeshan Zakaria)
Calleasy BsAS
sisint2005 at hotmail.com
Thu Jun 24 16:01:29 CDT 2010
I think that you need to add some changes in the RULE sentence or add some other,
iptables -I INPUT -p TCP -s 87.230.90.5 --dport 5060 -j REJECT ( yes, you need the -j)
The former needs the -j in any rule; this tells iptables to which target to JUMP when the condition is matched or satisfied.
In this rule you are telling iptables that all the packets coming from this source IP, having TCP protocol and pointed to the destination port,
must jump to ----------> another module or action, in this case REJECT or DROP, or to a custom CHAIN (i.e. BADGUYS) where you specify new rules to "treat" the bad guys.
Having said this, some suggestions follow...
1) change "-A INPUT" to "-I INPUT" so the rule will be inserted at the top, avoiding travel through other rules without any sense :-) , must hurry to block the enemy!!!!
2) change -p tcp (must be in lower case) to -p all (if your version supports it), or insert two rules, one for "udp" and another for "tcp" if your PBX accepts registration on a tcp connection, or just don't put anything in the protocol parameter: iptables -I INPUT -s 87.230.90.5 -j REJECT must block any packet from this source regardless of protocol or port. Check your sip conf to know if you accept registration on TCP; former asterisk versions (1.4 or lower) DON'T.
3) change REJECT (this creates outgoing traffic replying "rejected") to DROP (just leave the packet on the floor :-) )
4) add -i ethX if you have more than one Ethernet or network adapter (means on which device to apply the filter); more effective, less load to SPI the packet
5) if you have a router/bridge (brX interface on a linux box for QoS; br is made with two or more interfaces "bridged" at layer 2) and/or you have enabled forwarding between two interfaces, some rule must also be applied to the FORWARD chain, or the OUTPUT chain on the interface that connects to your PBX, regarding the source ip address -s 87.230.90.5, to avoid outgoing traffic from this source to your PBX, because INPUT ONLY APPLIES TO THOSE PACKETS THAT GO INTO THE BOX, NOT TO passthrough or forward... be careful with that
Once you have written the filter you can check if it is working using "iptables -L -vn"; this shows the packets that matched the rules.
Example follows:
log]# iptables -L -vn
prints something like this:
Chain INPUT (policy ACCEPT 16M packets, 1614M bytes)
pkts bytes target prot opt in out source destination
1 144 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1712:1720
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1712:1720
20 824 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
252 13772 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 17M packets, 1958M bytes)
pkts bytes target prot opt in out source destination
Note here I block h323 ports, ssh and MySQL from any source
on the in interface eth1, and as you can see at the bottom there is a listing for the other CHAINS.
I hope that I was helpful for you.
I apologize for the extension :-) , but hopefully it could help.
Marcos
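As an added illustration of the "iptables -L -vn" check described in the post (example code, not from the post or the list): a small Python parser of that output which reads the per-rule packet counters and works out which rule a given packet would hit first. The sample listing is constructed from the post's table plus one source-based DROP rule of the shape the post recommends; interface and destination-port matching are approximations of the kernel's behaviour.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample of `iptables -L -vn`: the post's listing plus one leading rule of the shape it recommends (-I INPUT -s <ip> -j DROP).
SAMPLE = """\
Chain INPUT (policy ACCEPT 16M packets, 1614M bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  2960 DROP       all  --  *      *       87.230.90.5          0.0.0.0/0
    1   144 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp dpts:1712:1720
    0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1712:1720
   20   824 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
  252 13772 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
"""
COLS = ["pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination"]
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables abbreviates large counters

def to_int(n):
    return int(n[:-1]) * SUFFIX[n[-1]] if n[-1] in SUFFIX else int(n)

def parse_counters(text):
    """Return {chain: [rule dict per line]} from `iptables -L -vn` output."""
    chains, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"Chain (\S+) ", line):
            cur, chains[m.group(1)] = m.group(1), []
            continue
        cols = line.split()
        if cur is None or not cols or cols[0] == "pkts":  # blank or header line
            continue
        rule = dict(zip(COLS, cols))
        rule["pkts"], rule["bytes"] = to_int(rule["pkts"]), to_int(rule["bytes"])
        rule["extra"] = " ".join(cols[len(COLS):])  # match options, e.g. "tcp dpt:22"
        chains[cur].append(rule)
    return chains

def rule_matches(rule, src, proto, dport, iface):
    """Approximate the kernel's test: source net, protocol, dport range and in-interface."""
    if ip_address(src) not in ip_network(rule["source"], strict=False) \
            or rule["prot"] not in ("all", proto) or rule["in"] not in ("*", iface):
        return False
    m = re.search(r"dpts?:(\d+)(?::(\d+))?", rule["extra"])
    return m is None or int(m.group(1)) <= dport <= int(m.group(2) or m.group(1))

def first_match(chains, src, proto, dport, iface="eth1", chain="INPUT"):
    """First rule the packet hits (iptables stops there); None means the chain policy applies."""
    return next((r for r in chains.get(chain, []) if rule_matches(r, src, proto, dport, iface)), None)

def active_blocks(chains, chain="INPUT"):
    """DROP/REJECT rules whose packet counter is non-zero: proof the filter is doing work."""
    return [r for r in chains.get(chain, []) if r["target"] in ("DROP", "REJECT") and r["pkts"]]
```

Feed it the real output of "iptables -L -vn" instead of SAMPLE and call first_match with the offending source address, "udp", 5060 to confirm the new rule is the one that catches SIP registration attempts, then watch its counter grow.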