On 06/13/2010 02:07 AM, dotnetdub wrote: > > The trouble with whitelisting, or using iptables to block 5060 (in fact > * is behind a router - 5060 is port forwarded) is that traveling > employees wouldn't be able to register with inbound extensions. We set > up our travelers so they can connect from wherever, and be treated as if > they were at a local extension. That is, the employee can dial 151, or > be dialed at his extension. He can not however dial third parties, or at > least isn't supposed to. > > sean > > > > If you leave your asterisk box open to the world with passwords like > 0000 you deserve to be hacked.. > > Are your travelling people using softphones? If they are VPN would be a > good idea.. > >
Ok. Obviously we deserve all this, and I should mess around with setting complex passwords for all my internal extensions. And I should accept suffering as part atoning for our errors. I was actually interested in a more prosaic question: does deny/permit in the sip stanzas which have an outgoing context solve my immediate problem: limiting access to sip for outgoing calls? sean -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
