hi all, i have a number of asterisk instances behind pfsense -- 5060 is open to the public, and of course, i have incessant attempts to make free calls.
for the moment, i use an iptables rule: iptables --append local-external --protocol udp -m udp --sport 5060 -m string --string "SIP/2.0 403 Forbidden" \ --algo bm --to 66 -j LOG --log-ip-options --log-prefix "SIP ABUSE: 403: " which inspects udp packets to discern who is trying to hack. enough errors in the log, and the ip gets banned (digging into the packet is only way to correctly eliminate spoofing) i would prefer to move this function to pfsense ... what would be the best way to do that? thanks m _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
