Are you planning to accept remote SIP calls/registrations over UDP, TCP
and TLS? If so, then your 5060/5061 rules are good. If you aren't using
all of those transport methods, then you can disable the ones you don't
need, or set up more granular ACLs.
Since it doesn't look like your Astlinux box is routing anything, unless
you have any other services running (i.e. OpenVPN, etc.) that you want to
be accessible, then you should be good to go.
--James
On 02/10/2013 09:16 PM, Shamus Rask wrote:
That did the trick, thanks!
I would be very grateful for any recommendations for the firewall.
I've currently got AstLinux sitting behind my router with ports
5060-5061 and 10000-10128 forwarded to it. I enabled the firewall;
enabled adaptive-ban and ids-protection plugins and configured the
following rules:
Pass EXT->Local TCP/UDP 0/0 5060-5061
Pass EXT->Local TCP 192.168.2.0/24 22
Pass EXT->Local TCP 192.168.2.0/24 443
Pass EXT->Local TCP 192.168.2.0/24 80
Pass EXT->Local UDP 0/0 10000-10128
Am I missing anything obvious?
cheers,
Shamus
Message: 3
Date: Sun, 10 Feb 2013 13:07:26 -0600
From: Lists <li...@lonnie.abelbeck.com>
Subject: Re: [Astlinux-users] Firewall
To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
Message-ID: <a40acf32-a2dd-4ee4-bd0e-a0ce64d0d...@lonnie.abelbeck.com>
Content-Type: text/plain; charset="us-ascii"
Almost... it is...
$ service iptables stop
Access via the web interface again, add Pass EXT->Local rules for TCP
80, 443, 22. Restart Firewall and you are back in business.
Lonnie
On Feb 10, 2013, at 12:22 PM, "Fernando F." <digitaldis...@gmail.com> wrote:
Shamus,
service stop iptables
to start
service start iptables
Thank You,
Fernando Fuentes
DIGITALVOIPNET.COM
On Sun, Feb 10, 2013 at 11:15 AM, Shamus Rask <sha...@srask.ca> wrote:
I'm running the latest version of AstLinux. A friend of mine
recently got hacked and I've read about the hacking attempts on
this list. Based on this, I decided it was time to enable the firewall.
From the network tab, I enabled the firewall with all default
settings. I am no longer able to access my PBX through either the
web page or ssh (fortunately all of my SIP extensions are still
working).
How do I disable the firewall from the CLI? I will have to connect
a keyboard and monitor to access the console.
Many thanks,
Shamus
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
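The rule review discussed in this thread (pass only the SIP transports actually in use, keep ssh and the web interface restricted to the LAN), as an added example that is not part of the original messages or of AstLinux. It parses the rule lines in the poster's informal notation; `parse_rules`, `audit` and the port tables are hypothetical names, and the 5060/5061 mapping is the standard SIP port assignment.

```python
import ipaddress
import re

# Rule lines as listed in the thread (the poster's informal notation,
# not an AstLinux configuration file format).
RULES = """\
Pass EXT->Local TCP/UDP 0/0 5060-5061
Pass EXT->Local TCP 192.168.2.0/24 22
Pass EXT->Local TCP 192.168.2.0/24 443
Pass EXT->Local TCP 192.168.2.0/24 80
Pass EXT->Local UDP 0/0 10000-10128
"""

# SIP transport -> (protocol, port), standard assignments (assumed defaults).
SIP_TRANSPORTS = {"udp": ("UDP", 5060), "tcp": ("TCP", 5060), "tls": ("TCP", 5061)}
MGMT_PORTS = {22, 80, 443}  # ssh and web interface ports named in the thread
LINE = re.compile(r"Pass\s+EXT->Local\s+(\S+)\s+(\S+)\s+(\d+)(?:-(\d+))?$")

def parse_rules(text):
    """Return (protocols, source network, first port, last port) per rule."""
    rules = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a Pass EXT->Local line
        protos, src, lo, hi = m.groups()
        first, last = int(lo), int(hi or lo)
        net = ipaddress.ip_network("0.0.0.0/0" if src == "0/0" else src)
        rules.append((set(protos.split("/")), net, first, last))
    return rules

def audit(text, transports_in_use):
    """List ports passed more widely than the stated SIP transports need."""
    needed = {SIP_TRANSPORTS[t] for t in transports_in_use}
    findings = []
    for protos, net, first, last in parse_rules(text):
        for proto in sorted(protos):
            for port in range(first, last + 1):
                if port in (5060, 5061) and (proto, port) not in needed:
                    findings.append(f"{proto}/{port} passed, no SIP transport in use needs it")
                elif port in MGMT_PORTS and net.prefixlen == 0:
                    findings.append(f"{proto}/{port} management port open to any source")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RULES, ["udp"])))
```
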