IPtables for Asterisk: Difference between revisions

From KlavoWiki
Jump to navigationJump to search
Created page with "This is my recommend IPtables for use with Asterisk that is connect to the internet. My goal here is ti block all SIP traffic except those to an ISP but allowing IAX2 inbound..."
 
No edit summary
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
<pre>
<pre>
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:12000 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:12000 -j ACCEPT
Line 9: Line 8:
iptables -A INPUT -s 202.85.243.105 -j ACCEPT
iptables -A INPUT -s 202.85.243.105 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P INPUT DROP
</pre>
</pre>

Latest revision as of 08:41, 4 August 2014

This is my recommend IPtables for use with Asterisk that is connect to the internet. My goal here is ti block all SIP traffic except those to an ISP but allowing IAX2 inbound. 

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 4569 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:12000 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -s 202.169.178.10 -j ACCEPT
iptables -A INPUT -s 202.85.243.105 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -P INPUT DROP

The two IP address listed above are for ClubTelco and PennyTel.

Retrieved from ‘https://klaverstyn.com.au/david/wiki/index.php?title=IPtables_for_Asterisk&oldid=1640