I personally only allow IAX2 in and out from my asterisk box, due to the simplicity of one (udp) port. I do not relish the thought of trying to open the port ranges for SIP securely!
As long as your inbound stuff in iax.conf lands in a sensible context, inbound connections would only be able to call your internal extensions, and not make "cost" calls. Hope that helps.... Karl > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:asterisk-users- > [EMAIL PROTECTED] On Behalf Of Tony Hoyle > Sent: 22 May 2004 23:11 > To: [EMAIL PROTECTED] > Subject: [Asterisk-Users] Asterisk firewall config > > The asterisk wiki states that it needs SIP, IAX2, IAX and RTP open to the > world to work. Is this necessarily true, or does it only need some of > these > outgoing? > > I'm concerned as anyone that could guess an extension number&password > could > use my server to make outgoing calls. It would help if the extensions had > a > netmask/allowable IP setting like the iax.conf file uses, but there isn't > one > documented... > > Tony > > -- > Te audire no possum. Musa sapientum fixa est in aure. > > Tony Hoyle <[EMAIL PROTECTED]> Key ID: 104D/4F4B6917 2003-09-13 > Fingerprint: 063C AFB4 3026 F724 0AA2 02B8 E547 470E 4F4B 6917 > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > ________________________________________________________________________ > This e-mail has been scanned for all viruses by Star Internet. The > service is powered by MessageLabs. For more information on a proactive > anti-virus service working around the clock, around the globe, visit: > http://www.star.net.uk > ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
