On 7/11/10 12:13 PM, Lonnie Abelbeck wrote:
> On Jul 11, 2010, at 1:04 PM, Philip Prindeville wrote:
>
>    
>>> Pass EXT->Local | UDP | Source: 0/0 | Port: 10000-20000
>>>
>>> (The port range here should exactly match your /etc/asterisk/rtp.conf 
>>> rtpstart-rtpend port range.  Alternatively you can enable the 'sip-voip' 
>>> plugin, but personally I keep the 'sip-voip' plugin disabled and use the 
>>> above firewall rule.)
>>>
>>> Hope this helps.
>>>
>>> Lonnie
>>>
>>>        
>> The problem with this is it opens up ALL ports 10000-20000, not just
>> those that are being used by RTP.
>>
>> I really, really recommend using the SIP-VOIP plugin instead.
>>
>> -Philip
>>      
> In practice I use a *much* smaller port range for RTP, rather than the 
> default 10000-20000.
>
> Opening a very small UDP port range for RTP is not a problem for me.
>
> Yes, I know you like the "sip-voip" plugin. :-)
>
> Lonnie
>    

What's not to like about it?  :-)

More to the point, I like exposing only the barest minimal attack 
surfaces whenever I can.
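
An added example, not part of the original thread: a check that compares the port field of a firewall rule, in the form quoted above, with the rtpstart-rtpend range in rtp.conf and counts the UDP ports passed beyond what RTP can use. The sample rtp.conf contents and the function names are constructed for illustration.

```python
import re

# Constructed sample of /etc/asterisk/rtp.conf with a narrowed range
# (illustrative values, not taken from the thread).
SAMPLE_RTP_CONF = """\
; RTP configuration
[general]
rtpstart=16384   ; first UDP port used for RTP
rtpend = 16482
"""

def rtp_range(conf_text):
    """Return (rtpstart, rtpend) parsed from rtp.conf text."""
    found = {}
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.fullmatch(r"(rtpstart|rtpend)\s*=\s*(\d+)", line)
        if m:
            found[m.group(1)] = int(m.group(2))
    if set(found) != {"rtpstart", "rtpend"}:
        raise ValueError("rtpstart and rtpend must both be set")
    if found["rtpstart"] > found["rtpend"]:
        raise ValueError("rtpstart is greater than rtpend")
    return found["rtpstart"], found["rtpend"]

def rule_range(rule):
    """Return (low, high) from the trailing 'Port: N-M' field of a rule line."""
    m = re.search(r"\bPort:\s*(\d+)(?:-(\d+))?\s*$", rule)
    if not m:
        raise ValueError("no Port field in rule")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if low > high:
        raise ValueError("port range is reversed")
    return low, high

def audit(rule, conf_text):
    """Count ports opened beyond the RTP range and RTP ports left closed."""
    low, high = rule_range(rule)
    start, end = rtp_range(conf_text)
    overlap = max(0, min(high, end) - max(low, start) + 1)
    return {
        "excess_open": (high - low + 1) - overlap,   # passed, never used by RTP
        "rtp_blocked": (end - start + 1) - overlap,  # RTP ports the rule misses
    }

if __name__ == "__main__":
    rule = "Pass EXT->Local | UDP | Source: 0/0 | Port: 10000-20000"
    print(audit(rule, SAMPLE_RTP_CONF))
```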



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
