On 04/12/2011 07:56 AM, [email protected] wrote: > Sure I'm missing something. > I'm using Shorewall 4.0.6 on a Debian Etch server with kernel 2.6.24.
A museum piece! :-) > The server is running asterisk 1.6 with few IP Phones registered to the > asterisk, on the internal Interface eth0. The server has indeed a public > interface eth1 used by asterisk to connect to external SIP providers. > Now, I simply can't prevent an external IP Phone from registering on my > asterisk on interface eth1. > I tried to stop the UDP traffic with this rule (rules file): > > DROP net:XX.XX.XX.XX fw udp 1024:65535 > > Where XX.XX.XX.XX is the public ip addres of the IP Phone. How could it be? So long as there is traffic on the 'connection', that rule won't stop it. It will only stop *new* connections from being made. You need the same rule in the ESTABLISHED section of the rules file in order to stop traffic entirely. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
