What distribution are you using? Below is a tutorial from the Ubuntu site, but it should give you the basics of setting up iptables rules. I have created custom rules for all my servers and the amount of junk traffic has been dramatically reduced.
Good Luck!!

https://help.ubuntu.com/community/IptablesHowTo

Jim

Eric Fort wrote:
> Use iptables and start with deny all. Follow this by allowing only
> the protocols/ports you want and only the source/destination IPs you
> wish to allow. These can be combined to say allow ssh from anywhere
> but only allow SIP (and its range of ports) to/from a very limited
> set of IPs belonging to say your ITSP. For users that move about a
> bunch they can use VPN to an allowed subnet.
>
> Eric
>
> On Sat, Feb 7, 2009 at 5:47 PM, oumar ndiaye <ondi...@antg.com> wrote:
>
>> David,
>> Thanks in advance. Where do I change the user/peers definition? Is it in the
>> firewall of the OS? In that case that won't work because the server hosts
>> other services such as ssh, http that are open to any IP as long as the user
>> has the correct credentials. Doesn't Asterisk itself have built-in security
>> filters?
>>
>> If the only choice is to do it in the OS's firewall, then I will need to
>> include the port numbers of SIP, IAX in my firewall rules. In this case,
>> which ports should I block to keep unwanted SIP/IAX connections from
>> specific IPs?
>> Thanks.
>>
>> On Sat, Feb 7, 2009 at 9:29 AM, David fire <ddf...@gmail.com> wrote:
>>
>>> You have many options but you should use them together.
>>> firewall
>>>
>>> in the user/peers definitions add host=<ip>
>>> and/or
>>> deny=0.0.0.0/0.0.0.0
>>> permit=<ip>/<mask>
>>>
>>> change the IP of your server.
>>>
>>> use something like ossec to avoid brute force.
>>>
>>> David
>>>
>>> 2009/2/6 oumar ndiaye <ond4...@gmail.com>
>>>
>>>> Is there a way to restrict connection to my Asterisk server to users
>>>> based on their IP addresses, and not just password? I have some hackers who
>>>> connect to my server to make illegitimate solicitation calls to people. I
>>>> had to shut down the server for now until I find a solution. ANY HELP?
>>>> Thanks.
>>>> ond
>>>> _______________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>> --
>> Oumar Ndiaye
>> CTO
>> ANTG Telecom
>> www.antg.com
>> ondi...@antg.com
>> ondi...@alum.mit.edu
>> ond4...@gmail.com
>> Tel: +1-919-291-8742
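The default-deny layout Eric describes (ssh and http open to anyone, SIP/IAX only from trusted sources), as an added example that is not part of the original thread. It assumes Asterisk's default ports (SIP on UDP 5060, IAX2 on UDP 4569, RTP on UDP 10000-20000); the function name `gen_voip_rules` is hypothetical and the addresses in the usage note are constructed.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for an Asterisk host.
# Assumed ports (Asterisk defaults): SIP udp/5060, IAX2 udp/4569,
# RTP udp/10000-20000. Adjust to your sip.conf, iax.conf and rtp.conf.

# gen_voip_rules SRC...  prints the ruleset on stdout; returns 1 on bad input.
# Each SRC is an IPv4 address or CIDR allowed to reach the VoIP ports.
gen_voip_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one trusted source" >&2; return 1; }
    # Validate every source before printing anything, so a typo can never
    # yield a half-written ruleset or silently open VoIP to the world.
    for src in "$@"; do
        case "$src" in
            ""|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
            0.0.0.0/*)     echo "refusing any-source for VoIP" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # deny all inbound by default
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Services that stay open to any IP (they rely on credentials).
    echo "-A INPUT -p tcp --dport 22 -j ACCEPT"
    echo "-A INPUT -p tcp --dport 80 -j ACCEPT"
    # Signalling and media only from the trusted sources.
    for src in "$@"; do
        echo "-A INPUT -s $src -p udp --dport 5060 -j ACCEPT"
        echo "-A INPUT -s $src -p udp --dport 4569 -j ACCEPT"
        echo "-A INPUT -s $src -p udp --dport 10000:20000 -j ACCEPT"
    done
    echo "COMMIT"
}
```

Run as root, `gen_voip_rules 203.0.113.10 198.51.100.0/24 | iptables-restore --test` checks the ruleset without loading it; dropping `--test` replaces the current filter table. The `deny=`/`permit=` lines David suggests in the peer definitions remain useful as a second layer behind the firewall.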