----- Original Message -----
Sent: Wednesday, October 26, 2005 10:33
AM
Subject: Asterisk iptables rules
Hello,
I have trouble getting asterisk to work with my
new firewall script (see below).
And then modified it to suit my
needs.
I use only SIP and the problem is that the calls
get in to asterisk when the firewall is activated.
But my agents/phones cant register or receive any
calls. So all calls get stuck in queue on asterisk.
So I believe Im missing some rule
perhaps?
Can anyone help me sort this
out?
Thanks...
Best Regards
Goran
/etc/init.d/firewall
======================================
#IPTables firewall configuration for
X
export PATH=$PATH:/sbin
case "$1" in
start)
echo "Starting iptables
firewall..."
iptables
--flush
iptables --delete-chain
iptables -A INPUT -p icmp -i
eth0 -j ACCEPT
# START OPEN
PORTS
#=================
#SSH
(22)
iptables -A INPUT -p tcp -i eth0 --dport 22 -j
ACCEPT
#SAMBA: netbios (139) ,
microsoft-ds (445)
iptables -A INPUT -p tcp -i eth0
--dport 139 -j ACCEPT
iptables -A INPUT -p tcp -i eth0
--dport 445 -j ACCEPT
#ASTERISK
# SIP (UDP
5060)
iptables -A INPUT -p tcp -m tcp -i
eth0 --dport 5060 -j ACCEPT
iptables -A
INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
# IAX2/IAX
iptables -A INPUT -p udp -m udp -i eth0
--dport 4569 -j ACCEPT
iptables -A INPUT -p
udp -m udp -i eth0 --dport 5036 -j ACCEPT
# RTP - the media
stream
iptables -A INPUT -p udp -m udp -i
eth0 --dport 10000:20000 -j ACCEPT
# MGCP - if you
use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp -i eth0
--dport 2727 -j ACCEPT
#END
ASTERISK
#MySQL
(3306)
iptables -A INPUT -p tcp -i eth0 --dport 3306 -j
ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 3306 -j
ACCEPT
#SNMP (161) - Allow from cacti
server
iptables -A INPUT -p tcp -i eth0 --dport 161
--source x.x.x.x -j ACCEPT
iptables -A INPUT -p udp -i
eth0 --dport 161 --source x.x.x.x -j ACCEPT
#Ftp / Passive
ports
iptables -A INPUT -p tcp -i eth0 --dport 21 -j
ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport
64785:64799 -j ACCEPT
#Http /
Web
iptables -A INPUT -p tcp -i eth0 --dport 80 -j
ACCEPT
#Webmin
(10000)
iptables -A INPUT -p tcp -i eth0 --dport 10000
-j ACCEPT
# END OPEN
PORTS
#=================
#Deny everything
else
iptables -A INPUT -p all -i eth0 -j
DROP
exit 0;
;;
stop)
echo "Stopping iptables
firewall..."
iptables --flush
iptables --delete-chain
exit 0;
;;
*)
echo "Valid
switches: firewall start , firewall stop";
esac;