On Tue, 2010-04-13 at 09:47 +0100, Gordon Henderson wrote:
> On Tue, 13 Apr 2010, Alyed wrote:
> 
> > Think we need some solution WITHIN the Asterisk core. Roderick A. suggested
> > something that looks nice using iptables, some others have pointed out using
> > RBL or fail2ban, but the best would be to have some generic solution not
> > dependent on third party programs.
> 
> I'd strongly disagree with this. (And I was the OP of this thread and had 
> my home/office network connection taken down due to it)
> 
> But then, I'm an old worldy Unix sysadmin and the philosophy of having a 
> program do one thing well is still etched into my core...
> 
> http://en.wikipedia.org/wiki/Unix_philosophy
> 
> So get asterisk to do what it does well, then get something else that does 
> what you need to do just as well - built-in to Linux are the iptables 
> firewall rules. Use them! They are very effective and do work. (And you 
> have a choice!)

I'll agree with you here.
Any additional security within * is fine, but if someone is simply
drowning your bandwidth, action must be taken at a lower level.
Otherwise you end up re-inventing the wheel for D.o.s. attacks for voip,
mail, ssh, ldap, http, rsync, (or any other service you might be
running)

So a proper job for ip(6)tables, imho
