Duane at e164 dot org wrote:
Dave Bour wrote:
Ip blocking of everything outside the geographic range you need to deal
with...ie block everything except Canada/US for connecting to your server in my
case.
Considering how many trojans there are, this is of limited security value.
Don't accept SIP or IAX connections from any random addresses.
If you need SIP connections from the outside, either you know where
people work,
or you have road warriors.
For the former, a table of IP addresses from which SIP phones can connect.
For the latter case, given that they probably have laptops and are using
a softphone,
make them SSH login, and have that login trigger an opening back for
their IP
so their SIP phone can get through your firewall.
This should be an option on any reasonably useful firewall. See for
example authpf:
http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&format=html
(Note the BUGS section at the end).
And yes, there are other use cases this may not cover, but it works for
some.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
