Well, if you start with Country Blocking (add the pfBlocker package now in 2.0.1) that's a good start.
Then there's the VoipAbuse list ( http://www.infiltrated.net/voipabuse/defensive.html) you can add as a pfBlocker list: http://www.infiltrated.net/voipabuse/netblocks.txt You need to be a bit careful with the above as you could block regular inbound traffic from legitimate sources. Also you need to consider if you have users who travel, where they might go. If you want to get tighter, know better where your users are coming from and then figure out their ISP's. Once you know their ISP's you ought to be able to find the IP address blocks they own. Mike On Sat, Jan 28, 2012 at 6:17 PM, Nathaniel Watkins < [email protected]> wrote: > I’ll probably take you up on the offer to help upgrade me to 2.01. I am > only using that for remote workers and long distance (voip.ms). I can > route long distance to our Patton box (which has a separate internet > connection to voip.ms) – so having the pfsense box down for several hours > isn’t a big deal.**** > > ** ** > > Is there a way in pfsense to only allow inbound connections from several > IP addresses (port 5060)? I was looking around on 1.2.3 and you can allow > a single ip/network/etc., but it doesn’t look like there is a good way to > allow several ip addresses that are ‘random’? Is this a true statement?** > ** > > ** ** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Tony Graziano > *Sent:* Saturday, January 28, 2012 2:32 PM > > *To:* Discussion list for users of sipXecs software > *Subject:* Re: [sipx-users] Alarm SPX00028: SipXproxy ran out of > resources for NAT traversal.**** > > ** ** > > Very good. You might also consider updating to 2.01 and moving from > country block to pfblocker. It easy enough to load the new version on > another flash card too and I can probably help you pre write the config to > make the downtime pretty minimal.**** > > On Jan 28, 2012 1:52 PM, "Nathaniel Watkins" <[email protected]> > wrote:**** > > Yes – I’m starting to understand why letting sipXecs manage its own DNS > makes sense J - this is the 2nd time we’ve made DNS changes internally > that have caused hickups. I know, I know, you told me so…**** > > **** > > I am using country blocker and CPS – I need to stop being lazy and only > allow port 5060 access to the remotes that need it…maybe that will be my > afternoon project…**** > > **** > > ** ** > > ------------------------------ > This message and any files transmitted with it are intended only for the > individual(s) or entity named. If you are not the intended individual(s) or > entity named you are hereby notified that any disclosure, copying, > distribution or reliance upon its contents is strictly prohibited. If you > have received this in error, please notify the sender, delete the original, > and destroy all copies. Email transmissions cannot be guaranteed to be > secure or error-free as information could be intercepted, corrupted, lost, > destroyed, arrive late or incomplete, or contain viruses. Garrett County > Government therefore does not accept any liability for any errors or > omissions in the contents of this message, which arise as a result of email > transmission. > > > Garrett County Government, > 203 South Fourth Street, Courthouse, Oakland, Maryland 21550 > www.garrettcounty.org > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Michael Picher, Director of Technical Services eZuce, Inc. 300 Brickstone Square**** Suite 201**** Andover, MA. 01810 O.978-296-1005 X2015 M.207-956-0262 @mpicher <http://twitter.com/mpicher> www.ezuce.com ------------------------------------------------------------------------------------------------------------ Hope to see you at the sipX CoLab! http://www.sipfoundry.org/sipx-colab A gathering for - open source users, eZuce customers & eZuce partners Get the inside track on 4.6 and a glimpse at the future of sipXecs!
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
