On 4/12/11 8:57 AM, Gerald Drouillard wrote:
On 4/12/2011 7:46 AM, Eda Ercan wrote:
Hi all,
Regarding this http://track.sipfoundry.org/browse/XX-5197 issue to
create a framework for managing iptables rules, a UI will be added to
the patch attached to this issue. I've added a UI mockup to the
issue. Can you have a look at this mockup and give me feedback if
this makes sense?
In Firewall rules tab, the rules will be displayed with an option to
enable/disable them.
In Custom rules tab, there will be the ability to add new rules and
modify the existing ones. However not all the rules will be included
in this tab - such as SIP port which can be configured from SipXproxy
service, if this port is modified from that page, firewall will be
updated by the system.
How does this sound?
Some rules have to be dynamic in a way that programs like fail2ban
operate.
A couple of thing that I would like to see easier for the masses that
are important would be:
* "401 Unauthorized" IP cut off after X amounts of attempts.
* "Login Failed" IP cut off after X amounts of attempts in
registration or logging in via the web.
You need to be able to whitelist your private network in some cases.
access to one of several siphack ip reputation lists., mostly rsync'd
cidr lists.
ability to feed BACK to public siphack ip reputation lists if the sipv
type user agents hit you.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Best Intrusion Prevention Product, Networks Product Guide
* Certified SNORT Integrator
* Hot Company Award, World Executive Alliance
* Best in Email Security, 2010 Network Products Guide
* King of Spam Filters, SC Magazine
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
