Re: [Astlinux-users] SIP Provider Firewall Rules

Michael Knill Sun, 15 Oct 2017 15:41:03 -0700

Yes I did. 
Thanks so much again for my lesson (

Regards
Michael Knill


-----Original Message-----
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Monday, 16 October 2017 at 9:27 am
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] SIP Provider Firewall Rules

> Actually just to check. Is this valid:
> 
> Pass EXT->Local       UDP     125.213.160.0/22        5060,16384-17384

Yup, looks good to my eye.

If you get a 'green' "Firewall has Restarted." in the web interface after { 
Restart Firewall } that implies there are no iptables errors.

If you want to test deeper, issue from the CLI, you should see something like 
...

# iptables-save | grep '125.213.160'
--
-A EXT_INPUT_CHAIN -s 125.213.160.0/22 -p udp -m udp --dport 5060 -j ACCEPT
-A EXT_INPUT_CHAIN -s 125.213.160.0/22 -p udp -m udp --dport 16384:17384 -j 
ACCEPT
--

Lonnie


On Oct 15, 2017, at 4:33 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Actually just to check. Is this valid:
> 
> Pass EXT->Local       UDP     125.213.160.0/22        5060,16384-17384
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Michael Knill <michael.kn...@ipcsolutions.com.au>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Monday, 16 October 2017 at 8:13 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] SIP Provider Firewall Rules
> 
> Thanks Lonnie. I have learnt something once again
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Saturday, 14 October 2017 at 12:08 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] SIP Provider Firewall Rules
> 
> 
> On Oct 12, 2017, at 10:27 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> I wondering how I can limit connection to port 5060 to a specific provider 
>> IP Address range?
>> Does a Pass EXT -> Local rule for with a source of the provider IP range 
>> deny all others?
>> 
>> Regards
>> Michael Knill
> 
> Yes, only the source address(es) in "Pass EXT->Local" will be allowed.  A 
> source address of "0/0" will allow any.
> 
> As for a "provider IP range" source address you have a few options ...
> 
> 1) Use a CIDR source address
> Example: 1.2.3.1/28
> --
> 1.2.3.1 to 1.2.3.14
> --
> Tip -> Used "netcalc 1.2.3.4/28" command in AstLinux for help
> 
> 2) Use DynDNS Host Open plugin (dyndns-host-open)
> Example: Assuming sip.example.tld has multiple A DNS records for host
> --
> DYNDNS_HOST_OPEN_UDP="sip.example.tld~5060"
> --
> 
> 3) Using Last Octet Range feature of our AIF firewall
> Example: 1.2.3.4-8
> --
> 1.2.3.4 to 1.2.3.8
> --
> Note -> Range only works for the last octet
> 
> 
> Options listed in my personal order of preference.
> 
> Lonnie
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Re: [Astlinux-users] SIP Provider Firewall Rules

Reply via email to