[asterisk-users] SECURITY QUESTION & SANITY CHECK
Mr Shunz
mrshunz at gmail.com
Mon Aug 25 04:53:01 CDT 2008
Hi,
[snip]
> For example I tried to block registrations from other subnets as
> follows:
> [general]
> ...
> deny=0.0.0.0/0.0.0.0 ;deny all by default?
> permit=10.1.0.0/255.255.0.0 ;allow registrations from local
> subnet?
you should put deny/permit PER peer as
[200]
type=friend
username=200
password=200
deny=0.0.0.0/0.0.0.0
permit=10.1.0.0/255.255.0.0
we have various installation with * on pubblic IP with upstream
SIP registration and private internal SIP peers.
btw, to be really sure, you sould have a firewall to block
routing of 10.1.0.0/16 class from your public IP.
cheers
--
------------------------------------------------
Daniele Santi .o.
daniele at santi.vr.it ..o () ascii ribbon campaign
Linux User #415108 ooo /\ www.asciiribbon.org
------------------------------------------------
More information about the asterisk-users
mailing list