On Tue, May 20, 2008 at 06:46:49AM -0400, Raj Jain wrote: > One way to make the system more secure would be by not opening these ports > statically in Linux iptables. I have not tested this, but Linux iptables > have shipped with ip_nat_sip and ip_conntrack_sip modules since kernel > version 2.6.18. With these modules, Linux iptables will act as a SIP-aware > NAT that opens the ports dynamically depending on what's exchanged in the > signaling.
Err... and if you want to allow someone to connect to UDP port 5060 of your boxm what iptables trick should you use? -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users