[Asterisk-Users] Asterisk iptables rules

Goran Tornqvist goran at goran.aleborg.se
Thu Oct 27 02:53:03 MST 2005 

One last check...won't ask again, promise :)
Does someone know a solution to my problem below?

Best Regards
Goran
  ----- Original Message ----- 
  From: Goran Tornqvist 
  To: asterisk-users at lists.digium.com 
  Sent: Wednesday, October 26, 2005 10:33 AM
  Subject: Asterisk iptables rules


  Hello,
  I have trouble getting asterisk to work with my new firewall script (see below).
  I used this info as base: 'http://www.voip-info.org/wiki-Asterisk+firewall+rules
  And then modified it to suit my needs.

  I use only SIP and the problem is that the calls get in to asterisk when the firewall is activated.
  But my agents/phones cant register or receive any calls. So all calls get stuck in queue on asterisk.
  So I believe Im missing some rule perhaps?

  Can anyone help me sort this out?

  Thanks...

  Best Regards
  Goran

  /etc/init.d/firewall
  ======================================

  #IPTables firewall configuration for X

  export PATH=$PATH:/sbin

  case "$1" in
    start)

      echo "Starting iptables firewall..."

      iptables --flush
      iptables --delete-chain

      iptables -A INPUT -p icmp -i eth0 -j ACCEPT

      # START OPEN PORTS
      #=================

      #SSH (22)
      iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

      #SAMBA: netbios (139) , microsoft-ds (445)
      iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
      iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT
      
      #ASTERISK

        # SIP (UDP 5060)
        iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
        iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT

        # IAX2/IAX 
        iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
        iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT 

        # RTP - the media stream 
        iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT 

        # MGCP - if you use media gateway control protocol in your configuration 
        iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT 

      #END ASTERISK    

      #MySQL (3306)
      iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
      iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT

      #SNMP (161) - Allow from cacti server
      iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
      iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT

      #Ftp / Passive ports
      iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
      iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT

      #Http / Web
      iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

      #Webmin (10000)
      iptables -A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT

      # END OPEN PORTS
      #=================

      #Deny everything else
      iptables -A INPUT -p all -i eth0 -j DROP

      exit 0;
      ;;

    stop)

      echo "Stopping iptables firewall..."
      iptables --flush
      iptables --delete-chain

      exit 0;
      ;;

    *)
      echo "Valid switches: firewall start , firewall stop";

  esac;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20051027/cf559615/attachment.htm

More information about the asterisk-users mailing list