Yes I did. Thanks so much again for my lesson ( Regards Michael Knill
-----Original Message----- From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Monday, 16 October 2017 at 9:27 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] SIP Provider Firewall Rules > Actually just to check. Is this valid: > > Pass EXT->Local UDP 125.213.160.0/22 5060,16384-17384 Yup, looks good to my eye. If you get a 'green' "Firewall has Restarted." in the web interface after { Restart Firewall } that implies there are no iptables errors. If you want to test deeper, issue from the CLI, you should see something like ... # iptables-save | grep '125.213.160' -- -A EXT_INPUT_CHAIN -s 125.213.160.0/22 -p udp -m udp --dport 5060 -j ACCEPT -A EXT_INPUT_CHAIN -s 125.213.160.0/22 -p udp -m udp --dport 16384:17384 -j ACCEPT -- Lonnie On Oct 15, 2017, at 4:33 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Actually just to check. Is this valid: > > Pass EXT->Local UDP 125.213.160.0/22 5060,16384-17384 > > Regards > Michael Knill > > -----Original Message----- > From: Michael Knill <michael.kn...@ipcsolutions.com.au> > Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Monday, 16 October 2017 at 8:13 am > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] SIP Provider Firewall Rules > > Thanks Lonnie. I have learnt something once again > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> > Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Saturday, 14 October 2017 at 12:08 am > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] SIP Provider Firewall Rules > > > On Oct 12, 2017, at 10:27 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > >> I wondering how I can limit connection to port 5060 to a specific provider >> IP Address range? >> Does a Pass EXT -> Local rule for with a source of the provider IP range >> deny all others? >> >> Regards >> Michael Knill > > Yes, only the source address(es) in "Pass EXT->Local" will be allowed. A > source address of "0/0" will allow any. > > As for a "provider IP range" source address you have a few options ... > > 1) Use a CIDR source address > Example: 1.2.3.1/28 > -- > 1.2.3.1 to 1.2.3.14 > -- > Tip -> Used "netcalc 1.2.3.4/28" command in AstLinux for help > > 2) Use DynDNS Host Open plugin (dyndns-host-open) > Example: Assuming sip.example.tld has multiple A DNS records for host > -- > DYNDNS_HOST_OPEN_UDP="sip.example.tld~5060" > -- > > 3) Using Last Octet Range feature of our AIF firewall > Example: 1.2.3.4-8 > -- > 1.2.3.4 to 1.2.3.8 > -- > Note -> Range only works for the last octet > > > Options listed in my personal order of preference. > > Lonnie > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.