On 2/6/19 10:13 AM, Tom Eastep wrote: > On 2/6/19 9:50 AM, Kevin Olbrich wrote: >> Hi! >> >> I read this article: >> http://shorewall.org/Helpers.html >> >> Currently I have some problems with an Asterisk installation and >> broken SIP packets (because they are generated by bots). >> While I try to debug this, I noticed that the SIP helper is active. As >> far as I understand, I don't need it because I have correct rules in >> place (also, I don't want the firewall to open ports based on the SDP >> for RTP as this is hardcoded in my setup). >> >> Should I set "AUTOHELPERS=Yes" to No in shorewall.conf? >> > > That isn't necessary. AUTOHELPERS=Yes simply associates those helpers > that are enabled with their respective protocol and port. > > As explained in the helpers article, to disable SIP you list the SIP > helper in DONT_LOAD, then list the helpers that you do want to load in > HELPERS. >
For example, in my own configuration I have: DONT_LOAD="nf_nat_sip,nf_conntrack_sip,nf_conntrack_h323,nf_nat_h323" HELPERS="ftp,irc" That loads only the ftp and irc helpers. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
