[Asterisk-Users] Re: Open Ports
Norman Zhang
norman.zhang at rd.arkonnetworks.com
Sat Dec 18 10:35:42 MST 2004
Tom Ivar Helbekkmo wrote:
>>I guess the first few packets from them to you might get dropped
>>because they don't match an "established" outbound connection, but
>>as soon as you start sending packets to them, your firewall will
>>allow two-way flow...
>
> That's the trick, yes. It works because RTP streams look as if they
> are bidirectional, so as soon as the first outgoing packet has been
> transmitted, the incoming stream is permitted.
I like your setup. I guess this will reduce some malicious incoming
attack. Does performance suffers from this? Do I need canreinvite=yes?
Regards,
Norman Zhang
More information about the asterisk-users
mailing list