Gordon Henderson wrote:
> On Wed, 30 Mar 2011, Terry Brummell wrote:
>> Yah, sounds simple, how do you set it up to do this? Fail2Ban was
>> pretty easy, if it's that easy, why was F2B even created?
>
> It's easy for me because I read and understand how things work, and deal
> with Linux firewalling on a daily basis. Fail2ban is an (almost) drop-in
> solution which requires minimal thinking - just a few lines in a config
> file to edit. (and python which I don't have installed on my systems)

And in case you missed Gordon's post (quite a while ago) on this topic,
this is what I use on CentOS 5 systems based on that:

#+# 20100917raa - Testing to prevent Asterisk registration attacks
-N AST_WHITELIST
-A AST_WHITELIST -s 10.10.3.21 -m recent --remove --name ASTERISK -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -m recent --set --name ASTERISK
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -j AST_WHITELIST
-A RH-Firewall-1-INPUT -p udp --dport 10000:20000 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name ASTERISK -j DROP

You can have multiple lines whitelisting IPs or ranges and set the
--hitcount and --update to whatever works for you. I don't get many
attacks. YMMV.

Rod
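
An added example, not part of Rod's post or the thread: a small Python model of how the three RH-Firewall-1-INPUT rules above treat NEW packets from one source, replayed over constructed traffic. It assumes the xt_recent default of 20 stored timestamps per source, ignores --rttl, and reports a packet that gets past these rules as PASS, meaning it continues to later rules the post does not show.

```python
# Model of the rules above for NEW UDP packets to ports 10000:20000.
# Simplifications (assumptions): --rttl is ignored, and a packet that is
# neither whitelisted nor dropped is reported as "PASS".
WHITELIST = {"10.10.3.21"}   # from the AST_WHITELIST rule
SECONDS, HITCOUNT = 60, 4    # from the --update rule
MAX_STAMPS = 20              # xt_recent default ip_pkt_list_tot


class RecentList:
    """Per-source timestamp list, as kept by '-m recent --name ASTERISK'."""

    def __init__(self):
        self.stamps = {}

    def _touch(self, src, now):
        self.stamps.setdefault(src, []).append(now)
        del self.stamps[src][:-MAX_STAMPS]  # keep only the newest entries

    def verdict(self, src, now):
        self._touch(src, now)                      # rule 1: --set
        if src in WHITELIST:                       # rule 2: AST_WHITELIST
            self.stamps.pop(src, None)             # --remove, then ACCEPT
            return "ACCEPT"
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:                       # rule 3: --update ... DROP
            self._touch(src, now)                  # a matching --update re-stamps
            return "DROP"
        return "PASS"


def replay(packets):
    """packets: iterable of (time_in_seconds, source_ip); returns verdicts."""
    table = RecentList()
    return [table.verdict(src, t) for t, src in packets]


# Constructed sample traffic (documentation address, not a real capture).
SAMPLE = [(0, "198.51.100.7"), (5, "198.51.100.7"), (10, "198.51.100.7"),
          (15, "198.51.100.7"),            # 4th new flow inside 60 s
          (50, "198.51.100.7"),            # still inside the window
          (200, "198.51.100.7"),           # quiet for more than 60 s
          (201, "10.10.3.21"), (202, "10.10.3.21"), (203, "10.10.3.21"),
          (204, "10.10.3.21"), (205, "10.10.3.21")]

if __name__ == "__main__":
    for pkt, v in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, v)
```

Because a matching --update adds a fresh timestamp, a source that keeps sending inside the window stays dropped until it has been quiet for 60 seconds, while the whitelisted host is removed from the list on every packet and never accumulates hits.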