[Asterisk-Users] Asterisk firewall config

Karl Dyson kd at junesta.com
Sat May 22 15:27:13 MST 2004 

I personally only allow IAX2 in and out from my asterisk box, due to the
simplicity of one (udp) port. I do not relish the thought of trying to
open the port ranges for SIP securely!

As long as your inbound stuff in iax.conf lands in a sensible context,
inbound connections would only be able to call your internal extensions,
and not make "cost" calls.

Hope that helps....

Karl

> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com [mailto:asterisk-users-
> admin at lists.digium.com] On Behalf Of Tony Hoyle
> Sent: 22 May 2004 23:11
> To: asterisk-users at lists.digium.com
> Subject: [Asterisk-Users] Asterisk firewall config
> 
> The asterisk wiki states that it needs SIP, IAX2, IAX and RTP open to
the
> world to work.  Is this necessarily true, or does it only need some of
> these
> outgoing?
> 
> I'm concerned as anyone that could guess an extension number&password
> could
> use my server to make outgoing calls.  It would help if the extensions
had
> a
> netmask/allowable IP setting like the iax.conf file uses, but there
isn't
> one
> documented...
> 
> Tony
> 
> --
> Te audire no possum. Musa sapientum fixa est in aure.
> 
> Tony Hoyle <tmh at nodomain.org>  Key ID: 104D/4F4B6917 2003-09-13
> Fingerprint: 063C AFB4 3026 F724 0AA2  02B8 E547 470E 4F4B 6917
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>
________________________________________________________________________
> This e-mail has been scanned for all viruses by Star Internet. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> http://www.star.net.uk
>
________________________________________________________________________



________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

More information about the asterisk-users mailing list