<html><body bgcolor="#FFFFFF"><div>Asterisk does not expose low-level control of its SIP stack. It's something intended to be configured and used at the application level.</div><div><br></div><div>If you really want to do this without a firewall, put a Kamailio proxy in front of your Asterisk install and drop things as you see fit. But why go through the trouble? What's wrong with iptables?<br><br>--<div>Alex Balashov - Principal</div><div>Evariste Systems LLC</div><div>260 Peachtree Street NW</div><div>Suite 2200</div><div>Atlanta, GA 30303</div><div>Tel: +1-678-954-0670</div><div>Fax: +1-404-961-1892</div><div>Web: <a href="http://www.evaristesys.com/"><a href="http://www.evaristesys.com/">http://www.evaristesys.com/</a></a></div></div><div><br>On Jul 22, 2011, at 9:30 PM, Bruce B <<a href="mailto:bruceb444@gmail.com">bruceb444@gmail.com</a>> wrote:<br><br></div><div></div><blockquote type="cite"><div>Thanks for the input. I am really surprised. But yes, I want exactly what firewall does, DROP packet instead of REJECTING it.<div><br></div><div>So, you are saying that one has to tamper the SIP stack to add the option to not respond to un-trusted sources?</div>
<div>I really thought Asterisk might have this built in as a feature.</div><div><br></div><div><br></div><div>I can't even do a dialplan search for a registered PEER because even if I find the IP to not be a trusted I still need to Hangup() on the invite which in turn send 603 Declined. </div>
<div><br></div><div>There isn't really any work-around to this?</div><div><br></div><div>Thanks again</div><div><br><br><div class="gmail_quote">On Fri, Jul 22, 2011 at 7:39 PM, Alex Balashov <span dir="ltr"><<a href="mailto:abalashov@evaristesys.com"><a href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div></div><div class="h5">On 07/22/2011 07:32 PM, Bruce B wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I am wondering if there is a way to drop SIP packets for generic<br>
transactions? For example, only SIP PEERs are allowed to call in and<br>
receive ACK or Declined rather that those inviting a call who are not<br>
PEERs at all.<br>
<br>
Currently my Asterisk setup sends, "*SIP/2.0 603 Declined" *to any<br>
stranger invites because my dialplan includes Hangup(). Is there any<br>
way I can not send a 603 declined so to mislead the probe runner?<br>
</blockquote>
<br></div></div>
There is really no way to accomplish that except with a firewall.<br>
<br>
<br>
-- <br>
Alex Balashov - Principal<br>
Evariste Systems LLC<br>
260 Peachtree Street NW<br>
Suite 2200<br>
Atlanta, GA 30303<br>
Tel: <a href="tel:%2B1-678-954-0670" value="+16789540670" target="_blank">+1-678-954-0670</a><br>
Fax: <a href="tel:%2B1-404-961-1892" value="+14049611892" target="_blank">+1-404-961-1892</a><br>
Web: <a href="http://www.evaristesys.com/" target="_blank"><a href="http://www.evaristesys.com/">http://www.evaristesys.com/</a></a><br>
<br>
--<br>
______________________________<u></u>______________________________<u></u>_________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank"><a href="http://www.api-digital.com">http://www.api-digital.com</a></a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank"><a href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a></a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank"><a href="http://lists.digium.com/">http://lists.digium.com/</a><u></u>mailman/listinfo/asterisk-<u></u>users</a><br>
</blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>--</span><br><span>_____________________________________________________________________</span><br><span>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com">http://www.api-digital.com</a> --</span><br><span>New to Asterisk? Join us for a live introductory webinar every Thurs:</span><br><span> <a href="http://www.asterisk.org/hello"><a href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a></a></span><br><span></span><br><span>asterisk-users mailing list</span><br><span>To UNSUBSCRIBE or update options visit:</span><br><span> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users"><a href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a></a></span></div></blockquote></body></html>