On Fri, Jul 01, 2005 at 12:15:06PM -0400, Michael Stahl wrote: > You should be able to do a good job with IPTABLES which is included in > FC3. You can limit source & destp IP and protocol, etc. > > Type "man iptables | more" for more details...
Which will not get you anywhere. There are a number of relevant HOWTOs on this subject. One reasonable starting point is iptables (actually: netfilter)'s homepage: http://netfilter.org/documentation/index.html#documentation-howto Also worth mentioning is the command with the confusing name 'iptables-save', which dumps the current iptables rules and iptables-estore which restores from those rules. iptables-save is handy as a simple rules browser. But you should generate those rules in some automated way, because you'll need to somehow change them from a remote location when you'll least expect that. This is why I'd avoid most of the graphical apps such as firestarter. Shorewall mentioned earlier is also very handy. One of its design goals is to save you from mistakes and make it much less probable that you lock yourself out. However I chose to avoid it beccause it creates relatively complex and "expensive" rules: with Asterisk you'd want ti minimize the amounts of tests each good voip packet is subject to before it is allowed in. Shorewall's rules will subject the packet to many unnecessary rules. It may also be confusing for a simple one-interface server setup. That's why I have decided to write one myself. -- Tzafrir Cohen | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il | | a Mutt's [EMAIL PROTECTED] | | best ICQ# 16849755 | | friend _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
