One last check...won't ask again, promise :)
Does someone know a solution to my problem below?
 
Best Regards
Goran
----- Original Message -----
Sent: Wednesday, October 26, 2005 10:33 AM
Subject: Asterisk iptables rules

Hello,
I have trouble getting Asterisk to work with my new firewall script (see below).
And then modified it to suit my needs.
 
I use only SIP and the problem is that the calls get into Asterisk when the firewall is activated.
But my agents/phones can't register or receive any calls. So all calls get stuck in queue on Asterisk.
So I believe I'm missing some rule perhaps?
 
Can anyone help me sort this out?
 
Thanks...
 
Best Regards
Goran
 
/etc/init.d/firewall
======================================
 
#IPTables firewall configuration for X
 
export PATH=$PATH:/sbin
 
case "$1" in
  start)
 
    echo "Starting iptables firewall..."
 
    iptables --flush
    iptables --delete-chain
 
    iptables -A INPUT -p icmp -i eth0 -j ACCEPT
 
    # START OPEN PORTS
    #=================
 
    #SSH (22)
    iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
 
    #SAMBA: netbios (139) , microsoft-ds (445)
    iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT
   
    #ASTERISK
 
      # SIP (UDP 5060)
      iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
      iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
 
      # IAX2/IAX
      iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
      iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT
 
      # RTP - the media stream
      iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT
 
      # MGCP - if you use media gateway control protocol in your configuration
      iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT
 
    #END ASTERISK   
 
    #MySQL (3306)
    iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT
 
    #SNMP (161) - Allow from cacti server
    iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
    iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
 
    #Ftp / Passive ports
    iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT
 
    #Http / Web
    iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
 
    #Webmin (10000)
    iptables -A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT
 
    # END OPEN PORTS
    #=================
 
    #Deny everything else
    iptables -A INPUT -p all -i eth0 -j DROP
 
    exit 0;
    ;;
 
  stop)
 
    echo "Stopping iptables firewall..."
    iptables --flush
    iptables --delete-chain
 
    exit 0;
    ;;
 
  *)
    echo "Valid switches: firewall start , firewall stop";
 
esac;

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
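
A check a reader can run on a script like the one posted above, as an added example that is not part of the original message: it reports a catch-all INPUT drop with no earlier ESTABLISHED,RELATED accept (so replies to connections the host itself opens, DNS answers for instance, are only accepted if they happen to hit an open port) and counts ports opened to every source. The helper name and both rule samples are constructed for illustration, the first condensed from the posted script, and the thread does not confirm this as the cause of the registration problem.

```shell
#!/bin/sh
# Added example (not from the original post). lint_input_rules is a
# hypothetical helper: it reads a firewall script on stdin and reports findings.
lint_input_rules() {
    awk '
    /^[ \t]*#/ { next }                        # ignore comment lines
    !/iptables[ \t]+-A[ \t]+INPUT/ { next }    # only appended INPUT rules
    {
        n++
        accept = ($0 ~ /-j[ \t]+ACCEPT/)
        # first rule accepting packets of already-tracked connections
        if (accept && $0 ~ /ESTABLISHED/ && !stateful) stateful = n
        # first DROP/REJECT without a port or source match is the catch-all
        if ($0 ~ /-j[ \t]+(DROP|REJECT)/ && !catchall &&
            $0 !~ /--[ds]port|--source|[ \t]-s[ \t]/) catchall = n
        # port opened to every source address
        if (accept && $0 ~ /--dport/ && $0 !~ /--source|[ \t]-s[ \t]/) open++
    }
    END {
        if (catchall && (!stateful || stateful > catchall))
            print "STATELESS catch-all at INPUT rule " catchall ": no earlier ESTABLISHED,RELATED accept"
        if (open) print "UNRESTRICTED " open " port rules accept any source"
    }'
}

# Constructed sample 1: condensed from the posted script (no state rule).
sample_posted() {
    cat <<'EOF'
iptables -A INPUT -p icmp -i eth0 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
iptables -A INPUT -p all -i eth0 -j DROP
EOF
}

# Constructed sample 2: the same rules with a connection-tracking accept first.
sample_stateful() {
    echo "iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    sample_posted
}

sample_posted | lint_input_rules
sample_stateful | lint_input_rules
```

To lint a real file, pipe it in: `lint_input_rules < /etc/init.d/firewall`.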