On Tue, 13 Apr 2010, Alyed wrote:

> Think we need some solution WITHIN the Asterisk core. Roderick A. suggested
> something that looks nice using iptables, some others have pointed out using
> RBL or fail2ban, but the best would be to have some generic solution not
> dependant on third party programs.
I'd strongly disagree with this. (And I was the OP of this thread and had my home/office network connection taken down due to it)

But then, I'm an old worldy Unix sysadmin and the philosophy of having a program do one thing well is still etched into my core...

http://en.wikipedia.org/wiki/Unix_philosophy

So get asterisk to do what it does well, then get something else that does what you need to do just as well - built-in to Linux are the iptables firewall rules. Use them! They are very effective and do work. (And you have a choice!)

The biggest issue I see is that people are installing Asterisk and other high-level applications on top of Linux (and other *nix'es) without the experience of "sysadmin" - then when something goes wrong they want the application to fix it rather than apply some basic and pretty fundamental sysadmin techniques to solve the issue.

And that means that even having permit= and deny= in sip.conf and iax.conf, etc. is too much. With proper OS level firewalling they're simply not needed and do nothing more than add another potential point of failure and add yet more code to maintain.

Gordon
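The OS-level filtering argued for in the reply above, as an added example that is not part of the original post or of Asterisk: a shell function that prints an iptables-restore ruleset admitting SIP and IAX2 signalling only from listed networks. The ports (UDP 5060 and 4569, the Asterisk defaults), the chain name VOIP and the sample networks are assumptions, and RTP media ports are not covered.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that admits SIP and IAX2 signalling only
# from an allowlist: the firewall-level counterpart of permit=/deny=.
# Assumed: SIP on UDP 5060, IAX2 on UDP 4569, chain name VOIP (hypothetical).

voip_ruleset() {
    # Arguments: one or more trusted source networks (address or CIDR).
    [ "$#" -gt 0 ] || { echo "usage: voip_ruleset NET..." >&2; return 1; }
    for net in "$@"; do
        # Refuse anything containing characters other than digits, dots
        # and a slash, so an argument cannot smuggle in extra rule text.
        case "$net" in
            *[!0-9./]*|'') echo "bad network: $net" >&2; return 1 ;;
        esac
    done
    echo '*filter'
    echo ':VOIP - [0:0]'
    # Only traffic aimed at the signalling ports enters the VOIP chain.
    echo '-A INPUT -p udp -m multiport --dports 5060,4569 -j VOIP'
    for net in "$@"; do
        echo "-A VOIP -s $net -j ACCEPT"
    done
    # Any other source reaching the signalling ports is dropped.
    echo '-A VOIP -j DROP'
    echo 'COMMIT'
}

# Constructed sample: an office LAN and one provider address, both taken
# from documentation ranges. Review the output before loading it as root
# with iptables-restore --noflush, which keeps the rules already in place.
voip_ruleset 192.0.2.0/24 198.51.100.7
```

Any upstream provider the server registers to has to be on the allowlist too, since its inbound SIP traffic goes through the same chain.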
