On Tue, 5 Apr 2011, Steve Edwards wrote:

> On Tue, 5 Apr 2011, Gilles wrote:
>
>> I'm no expert of iptables, and it seems like it can handle banning
>> IPs that are trying to register and fail too many times.
>> Is there a good iptables configuration that I could use as reference?
>
> Gordon Henderson posted a link to his script that handled failures above a
> threshold and some other cool stuff a few months back.
> Try searching the archives.

Have a look at these:
http://unicorn.drogon.net/firewall
That's a very basic iptables firewall script. You cannot run this as-is;
you will need to change it.
This:
http://unicorn.drogon.net/firewall2
is a bit more complicated. It includes some more stateful rules to check
and automatically slow down bulk connections. It's not perfect, but it
could be used as a starting point for your own thing. A word of warning
though - it's not suitable for light-weight/embedded devices. These rules
can result in significant kernel processing.
You may also wish to look at this:
http://blog.elphel.com/2011/03/hardening-the-asterisk-based-phone-system
It's a blog post by Andrey Filippov based on some of my work and some of
his own. It's all good stuff.
Gordon