[asterisk-users] Can't block intrusion
Larry Moore
lmoore at starwon.com.au
Wed Apr 1 17:37:10 CDT 2020
On 2/04/2020 5:39 AM, Larry Moore wrote:
> On 2/04/2020 5:28 AM, Mark Boyce wrote:
>> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com
>> <mailto:gdt at lexort.com>> wrote:
>>>
>>> I think you need to use tcpdump and turn up firewall debugging.
>>
>> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
>>
>> Mark
>
> Or the stateful entry still exists when the table entry is updated.
>
> Does your script also issue a command to kill existing states from
> that host after it has updated the table, e.g. pfctl -k 45.143.220.235
>
> Larry.
>
Hmm, missed that in your original post. Could 'pfctl -K' be of help, I
would suggest either removing 'quick' from your 'pass' rule or placing
that line after the 'block' rules.
Larry.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200402/3ef3e9b9/attachment.html>
More information about the asterisk-users
mailing list