[asterisk-users] iptables example
Scott Wolfe
scottwolfe at orbus.net
Wed Nov 29 02:35:10 MST 2006
I use BFD on several of my servers. Works great. http://www.rfxnetworks.com/bfd.php
----- Original Message -----
From: Jeronimo Romero
To: Asterisk Users Mailing List - Non-Commercial Discussion
Sent: Tuesday, November 28, 2006 11:54 PM
Subject: [asterisk-users] iptables example
Hey everyone. I recently installed a server at a datacenter offsite and the thing is getting hammered with invalid ssh logins so I decided to use some iptables.
I included my ruleset here. I was wondering if I could get some feedback based on my ruleset from those of you using iptables in production systems. It seems to be working but some critique would be appreciated. Thanks
#!/bin/sh
# My system IP/set ip address of server
SERVER_IP="x.x.x.x"
# Flushing all rules
iptables -F
iptables -X
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming ssh only from secure hosts
iptables -A INPUT -p tcp -s x.x.x.x -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s x.x.x.x -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow HTTP and Asterisk-related traffic
# ESTABLISHED is included so packets after the initial SYN are also accepted
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# SIP on UDP
iptables -A INPUT -p udp -m udp --dport 5004:5082 -j ACCEPT
# IAX2
iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# IAX
iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT
# RTP - the media stream
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j ACCEPT
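The log-driven blocking suggested in the reply, sketched as an added example that is not part of the thread and is not BFD's own code: it counts failed sshd logins per source address and prints, without running them, the iptables rules that would block repeat offenders. The log lines are constructed, and the function names and the threshold of 3 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, not BFD's code).

# Constructed sample lines in the usual syslog format for sshd.
# The last line carries a user name with spaces in it; the user name is
# chosen by the remote client, so it must never be parsed as the address.
SAMPLE_LOG='Nov 28 23:01:10 pbx sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Nov 28 23:01:12 pbx sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Nov 28 23:01:15 pbx sshd[2105]: Failed password for root from 203.0.113.5 port 40133 ssh2
Nov 28 23:02:40 pbx sshd[2110]: Failed password for root from 198.51.100.7 port 51514 ssh2
Nov 28 23:03:02 pbx sshd[2114]: Accepted password for jromero from 192.0.2.10 port 50022 ssh2
Nov 28 23:04:19 pbx sshd[2120]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.5 port 40150 ssh2'

# usage: ssh_offenders THRESHOLD < logfile
# Prints, sorted, every IPv4 source with at least THRESHOLD failed logins.
ssh_offenders() {
    awk -v min="$1" '
        # Read the address from the fixed fields at the END of the line
        # ("from ADDR port N ssh2") and require it to look like IPv4
        # before it can reach an iptables command line.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fails[$(NF-3)]++ }
        END { for (ip in fails) if (fails[ip] >= min) print ip }
    ' | sort
}

# usage: ban_rules THRESHOLD < logfile
# Prints one rule per offender; -I places the DROP ahead of the ACCEPT
# rules that are already in the INPUT chain.
ban_rules() {
    ssh_offenders "$1" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 22 -j DROP"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | ban_rules 3
```

Review the printed rules before applying them, and keep the trusted management hosts from the ruleset above out of any automatic ban list.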