May I assume this firewall module is not usable with boards that only
have a single Ethernet port?
John Novack
Philip Prindeville wrote:
Darrick Hartman (lists) wrote:
Michael Keuter wrote:
-Philip
A problem in AstLinux is that, before you can add an attacker to the
blocklist (when you see the attacks in realtime), the "/var/"
partition will be full within 2-3 minutes just because of the growing
syslog :-(. And from that point in time you do not have any logs at
all. Is there a way that the rotated log can automatically be zipped?
You can set Arno's firewall not to log blocked attacks. That is an option.
--
Darrick Hartman
Hi Darrick,
I know that, but when the attack starts (and you don't see the attack
live) you don't know the attacker IP-address. Then the log messages
are coming from Asterisk. And within 2-3 minutes /var/ is full by the
log messages of Asterisk (not by the firewall).
Two ways around that.
1). If you have enough system RAM, you can set the size of the var
partition in the rc.conf file to a larger size.
2). Only allow SIP access from the IP addresses that you need to allow.
Instead of having a wide-open port 5060, only accept SIP traffic from
the IP addresses of your VOIP provider.
Of course, if you're allowing anonymous calls into your Asterisk system,
you can't do #2.
Darrick
Michael:
The outstanding news is that anyone can contribute to Arno's Iptables
Firewall, including you. :-)
Seriously though, it shouldn't be too hard to take
/usr/share/arno-iptables-firewall/plugins/50ssh-brute-force-protection.plugin
(or whatever it's called) and tweak it to do the same sort of
rate-limiting with UDP traffic to port 5060 (or 5060-5064 or whatever).
Try doing that... getting it working, and we can see about submitting it
to Arno as part of the user contributed list of plugins.
He's very receptive. :-)
-Philip
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
--
Dog is my co-pilot
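
The two suggestions quoted above (rate-limiting UDP traffic to port 5060 the way the SSH brute-force plugin does, and letting known provider addresses through first) could be combined as follows. This is an added example, not code from the thread or from Arno's Iptables Firewall: the chain name SIP_LIMIT, the list name sip, the thresholds and the 192.0.2.x addresses are assumptions, and the function only prints the iptables commands rather than applying them.

```shell
#!/bin/sh
# Added example: emit iptables rules that rate-limit SIP over UDP.
# Usage: sip_ratelimit_rules PORTS HITCOUNT SECONDS "TRUSTED_IPV4 ..."
sip_ratelimit_rules() {
    ports=$1; hits=$2; secs=$3; trusted=$4

    # Accept a single port or a low:high range only.
    case $ports in
        ''|*[!0-9:]*|*:*:*|:*|*:) echo "bad port spec: $ports" >&2; return 1 ;;
    esac
    for n in "$hits" "$secs"; do
        case $n in
            ''|*[!0-9]*) echo "hitcount/seconds must be integers" >&2; return 1 ;;
        esac
    done
    # The recent match remembers 20 packets per address by default
    # (ip_pkt_list_tot), so a larger hitcount is rejected by the kernel.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ] || [ "$secs" -lt 1 ]; then
        echo "hitcount must be 1-20 and seconds at least 1" >&2; return 1
    fi
    for ip in $trusted; do
        case $ip in
            *[!0-9./]*) echo "bad trusted address: $ip" >&2; return 1 ;;
        esac
    done

    echo "iptables -N SIP_LIMIT"
    echo "iptables -A INPUT -p udp --dport $ports -j SIP_LIMIT"
    # Provider addresses skip the limiter and fall through to the normal rules.
    for ip in $trusted; do
        echo "iptables -A SIP_LIMIT -s $ip -j RETURN"
    done
    # Record every other source, then act once it exceeds the threshold.
    echo "iptables -A SIP_LIMIT -m recent --name sip --set"
    # The limit match caps logging at one line per minute in total,
    # so a flood cannot fill /var through this rule.
    echo "iptables -A SIP_LIMIT -m recent --name sip --rcheck --seconds $secs --hitcount $hits -m limit --limit 1/minute -j LOG --log-prefix 'SIP flood: '"
    # --update refreshes the timestamp, so a source that keeps sending stays blocked.
    echo "iptables -A SIP_LIMIT -m recent --name sip --update --seconds $secs --hitcount $hits -j DROP"
}

# Constructed sample: ports 5060-5064, 10 packets per 60 seconds, two trusted peers.
sip_ratelimit_rules 5060:5064 10 60 "192.0.2.10 192.0.2.11"
```

Every UDP packet counts toward the threshold, including legitimate REGISTER and INVITE retransmissions, so peers that send a lot of signalling belong in the trusted list.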