Max DiOrio wrote:

>My SIP provider is asking me to open all UDP ports, which is a huge
>security risk.

Then they are a bunch of ignorant tools! The only ports you need to open are the signalling ports (e.g. 5060 for SIP) and the ports specified in /etc/asterisk/rtp.conf - those are the only ports that will be used.

>What rule can I use to allow all traffic to and from a particular IP?
>This might be easiest, as the provider only uses two IP addresses.
>
>This way I can block all traffic inbound except from those IPs.

    ACCEPT net:1.2.3.4 $FW

or to just allow UDP,

    ACCEPT net:1.2.3.4 $FW udp

For multiple addresses I think you can do:

    ACCEPT net:1.2.3.4,5.6.7.8 $FW

These are for inbound traffic, outbound just swap net:... and $FW.

-- 
Simon Hobson
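Added example, not part of the original message: a small Python helper that combines the two suggestions in the reply by reading the RTP range from the text of rtp.conf and emitting inbound Shorewall rules limited to the provider's addresses and to the SIP and RTP ports. The function names, the sample rtp.conf contents and the 10000-20000 range are assumptions made for illustration; 1.2.3.4 and 5.6.7.8 are the placeholder addresses from the thread.

```python
import configparser
import ipaddress

# Constructed sample of /etc/asterisk/rtp.conf (values are illustrative).
SAMPLE_RTP_CONF = """\
[general]
rtpstart=10000   ; first UDP port used for RTP
rtpend=20000     ; last UDP port used for RTP
"""


def rtp_port_range(conf_text):
    """Return (rtpstart, rtpend) parsed from the text of an rtp.conf file."""
    cp = configparser.ConfigParser(
        comment_prefixes=(";",), inline_comment_prefixes=(";",),
        interpolation=None, strict=False,
    )
    cp.read_string(conf_text)
    try:
        start = cp.getint("general", "rtpstart")
        end = cp.getint("general", "rtpend")
    except (configparser.NoSectionError, configparser.NoOptionError) as exc:
        # Fail closed: do not guess a range and open more ports than needed.
        raise ValueError("rtpstart/rtpend not set in rtp.conf") from exc
    if not 1 <= start <= end <= 65535:
        raise ValueError(f"implausible RTP range {start}-{end}")
    return start, end


def shorewall_rules(provider_ips, conf_text, sip_port=5060):
    """Build inbound rules: provider addresses only, SIP and RTP ports only."""
    # IPv4Address raises ValueError on anything that is not a literal address,
    # so a typo cannot end up in the rules file as a host name or wildcard.
    hosts = ",".join(str(ipaddress.IPv4Address(ip)) for ip in provider_ips)
    if not hosts:
        raise ValueError("no provider addresses given")
    start, end = rtp_port_range(conf_text)
    return [
        f"ACCEPT net:{hosts} $FW udp {sip_port}",
        f"ACCEPT net:{hosts} $FW udp {start}:{end}",
    ]


if __name__ == "__main__":
    for rule in shorewall_rules(["1.2.3.4", "5.6.7.8"], SAMPLE_RTP_CONF):
        print(rule)
```

The printed lines go in the Shorewall rules file; anything not matched by them falls through to the zone policy.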
