Re: [Astlinux-users] Deny EXT -> Local

Lonnie Abelbeck Mon, 16 Aug 2021 19:52:11 -0700

Hi Michael,

You are not missing anything, there is no selective "Deny EXT->Local" as that 
is the default.


Two solutions come to mind ...

1) Recreate the "Pass EXT->Local" to multiple entries to not include what you 
don't want to allow.

2) Add a custom rule in /mnt/kd/arno-iptables-firewall/custom-rules to 
implement the desired "Deny EXT->Local".

-- untested example custom-rules --

deny_ext_local()
{
  local proto="$1" host="$2" port="$3"

  echo "[CUSTOM RULE] Deny EXT->Local for Proto: $proto, Host: $host, Port: 
$port"
  iptables -A EXT_INPUT_CHAIN -s $host -p $proto --dport $port -j 
POST_INPUT_DROP_CHAIN
}
deny_ext_local udp 1.2.3.4 5060
deny_ext_local tcp 1.2.3.0/24 5061

--
(and test)


Lonnie



> On Aug 16, 2021, at 8:02 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
> Yes.
> 
> Regards
> Michael Knill
> 
> On 17/8/21, 10:35 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
> 
>    Are you saying you added a "Pass EXT->Local" but now want to deny a subset 
> of that ?
> 
>    Lonnie
> 
> 
> 
>> On Aug 16, 2021, at 6:20 PM, Michael Knill 
>> <michael.kn...@ipcsolutions.com.au> wrote:
>> 
>> Hi Group
>> 
>> Forgive my ignorance but just wondering how I do this. I want to block some 
>> addresses trying to register to the box from external.
>> PS its not SIP bots etc. Its known trusted addresses.
>> 
>> Thanks
>> Regards
>> 
>> Michael Knill
>> Managing Director
>> 
>> D: +61 2 6189 1360
>> P: +61 2 6140 4656
>> E: michael.kn...@ipcsolutions.com.au
>> W: ipcsolutions.com.au
>> 
>> <image001.png>
>> Smarter Business Communications
>> 
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to 
>> pay...@krisk.org.
> 
> 
> 
>    _______________________________________________
>    Astlinux-users mailing list
>    Astlinux-users@lists.sourceforge.net
>    https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
>    Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Re: [Astlinux-users] Deny EXT -> Local

Reply via email to