Chris: On prelusde I use to open to the inside not the outside, if you have like snort on your firewall. I found that if I did not it would not work otherwise. If you have no sensors on your firewall you will not need it.
On the Phone it makes it easier for me to follow what I have open. The nice thing is anyone then can comment out what they want to keep closed. It is just a personal pref. I would edit down the SIP for your application as you only need one Port, but this way it will work if you have 5090 instead of 5060. I just place all possible in the macro so those who do not know the port numbers have a referance to work with. Eric ----- Original Message ----- From: "Chris Boot" <[email protected]> To: "Shorewall Users" <[email protected]> Sent: Saturday, March 17, 2012 10:01:57 AM Subject: Re: [Shorewall-users] new macros I use On 16 Mar 2012, at 17:58, Eric Teeter <[email protected]> wrote: > Tom: > > I have two macro's that you may want to add to the new versions of Shorewall. > > Hope this helps! > > macro.Phone works for IP Phones (example Asterisk etc.) > > macro.Prelude works for Prelude IDS I can't comment on the Prelude macro, but the Phone one seems wrong to me. I wouldn't want to open SIP, IAX, RTP _and_ MGCP for phones - in fact I'm only really likely to want one or two at a time. Separate SIP, IAX and MGCP macros make more sense to me. Also, you only need RTP for SIP unless I'm mistaken (definitely not IAX, no idea about MGCP), and the 'sip' conntrack helper is usually clever enough to classify RTP as 'related' so it automatically flows through. Maybe a separate RTP macro as well? HTH, Chris -- Chris Boot [email protected] ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
