All, I wonder if I may, once again, ask for your help.
Using the GUI to configure the firewall, my intent was to open only one "Source IP" to port 5060, for an off-site IP phone. I'm depending on frequent & regular registration traffic to keep port 5060 open to providers. Despite this, I see the occasional registration attempt from elsewhere, as shown below. Oct 13 04:23:36 sip local0.notice asterisk[2776]: NOTICE[2776]: chan_sip.c:16474 in handle_request_register: Registration from '"1010161682"<sip:1010161...@169.25.161.29>' failed for '140.117.176.226' - No matching peer found So, with all other source IPs closed to port 5060, how might a registration request from '140.117.176.226' be reaching Asterisk? The only thing that looked a bit suspicious in iptables, is this: Chain EXT_INPUT_CHAIN (2 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpts:5060:5080 However, it looks like the above is merely the result of settings in the SIP-VOIP plugin, which specifies ports 5060:5080. When disabling SIP-VOIP, the above entry goes away. Your thoughts? Thanks for considering my question. Dan ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.