Check out www.pfsense.com. Although not a GUI add-on, as a standalone solution it is excellent.
Thanks
John

-----Original Message-----
From: Peter MacFarlane [mailto:[EMAIL PROTECTED]
Sent: Monday, March 05, 2007 3:34 PM
To: [email protected]
Subject: Re: [on-asterisk] hacked [EMAIL PROTECTED]

Thanks, guy. I was looking for a better pf tutorial. Hopefully there is something advanced on reserving SIP channel bandwidth because I just don't seem to be able to get that to work somehow. There must also be a decent web admin interface for pf around by now. I don't seem to mind working from the CLI but it would be nice to see something more advanced.

Peter M.

Ian Darwin wrote:
> None of this surprises me somehow.
>
> Peter MacFarlane wrote:
>> You should really have a firewall that filters out most of these
>> going to the Internet. As a general rule, only open to the outside
>> what is required for access. That is the best default for security.
>> There is an application or option you can add to your Linux server
>> that cuts off ssh login attempts from an IP after so many attempts.
>> I don't know what it is at the moment but I saw it used. Works well.
>>
>> I use OpenBSD and the pf firewall allows traffic to be directed to
>> specific servers. Hopefully the cracker robots can be cut off there
>> as well. I'll have to check that out. Strong passwords are one of
>> your best assets. I hear that OpenBSD runs Asterisk well also, if you
>> don't need card drivers. That might be a nice two-in-one box.
>
> Yes, pf has an option
>
>     max-src-conn-rate <number> / <seconds>
>         Limit the rate of new connections over a time interval. The
>         connection rate is an approximation calculated as a moving average.
>
> See Peter Hansteen's excellent pf tutorial. Start at the page
>
> http://www.bgnett.no/~peter/pf/en/bruteforce.html
>
> for details on this option in particular, or go to that directory and
> read the whole thing.
>
> And yes, I run my "production" (but low volume) Asterisk server on
> OpenBSD, using hard phones, the odd ATA, and DID service from Unlimitel.
>
> Ian

--
Peter L. MacFarlane, ACP
C & P Consulting 2000
Charlottetown PEI
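The `max-src-conn-rate` option quoted in the thread, placed in a small pf.conf ruleset that cuts off repeated ssh login attempts. This is an added example, not taken from any of the messages; the interface name, table name and thresholds are assumptions to adjust for the site.

```pf
# Added example. ext_if, the <bruteforce> table name and the limits
# below are assumed values, not settings from the thread.
ext_if = "em0"

# Holds source addresses that exceeded the limits; "persist" keeps the
# table even while it is empty.
table <bruteforce> persist

# Default: nothing comes in unless a later rule passes it.
block in on $ext_if all

# Offenders are dropped before any pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# ssh: at most 10 simultaneous connections per source, and at most
# 5 new connections per 30 seconds. A source that exceeds either limit
# is added to <bruteforce> and its existing states are flushed.
# These per-source limits count TCP connections that completed the
# handshake, so they do not cover SIP signalling over UDP.
pass in on $ext_if inet proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)

pass out on $ext_if all keep state
```

`pfctl -t bruteforce -T show` lists the addresses currently blocked, and `pfctl -t bruteforce -T expire 86400` removes entries older than a day so the table does not grow without bound.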
