Discussion:
[Asterisk-Users] Asterisk iptables rules
Goran Tornqvist
2005-10-26 08:33:23 UTC
Hello,
I have trouble getting asterisk to work with my new firewall script (see below).
I used this info as base: http://www.voip-info.org/wiki-Asterisk+firewall+rules
And then modified it to suit my needs.

I use only SIP and the problem is that the calls get in to asterisk when the firewall is activated.
But my agents/phones can't register or receive any calls. So all calls get stuck in queue on asterisk.
So I believe I'm missing some rule perhaps?

Can anyone help me sort this out?

Thanks...

Best Regards
Goran

/etc/init.d/firewall
======================================

#IPTables firewall configuration for X

export PATH=$PATH:/sbin

case "$1" in
start)

echo "Starting iptables firewall..."

iptables --flush
iptables --delete-chain

iptables -A INPUT -p icmp -i eth0 -j ACCEPT

# START OPEN PORTS
#=================

#SSH (22)
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

#SAMBA: netbios (139) , microsoft-ds (445)
iptables -A INPUT -p tcp -i eth0 --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 445 -j ACCEPT

#ASTERISK

# SIP (UDP 5060)
iptables -A INPUT -p tcp -m tcp -i eth0 --dport 5060 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT

# IAX2/IAX
iptables -A INPUT -p udp -m udp -i eth0 --dport 4569 -j ACCEPT
iptables -A INPUT -p udp -m udp -i eth0 --dport 5036 -j ACCEPT

# RTP - the media stream
iptables -A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT

# MGCP - if you use media gateway control protocol in your configuration
iptables -A INPUT -p udp -m udp -i eth0 --dport 2727 -j ACCEPT

#END ASTERISK

#MySQL (3306)
iptables -A INPUT -p tcp -i eth0 --dport 3306 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 3306 -j ACCEPT

#SNMP (161) - Allow from cacti server
iptables -A INPUT -p tcp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 161 --source x.x.x.x -j ACCEPT

#Ftp / Passive ports
iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 64785:64799 -j ACCEPT

#Http / Web
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT

#Webmin (10000)
iptables -A INPUT -p tcp -i eth0 --dport 10000 -j ACCEPT

# END OPEN PORTS
#=================

#Deny everything else
iptables -A INPUT -p all -i eth0 -j DROP

exit 0;
;;

stop)

echo "Stopping iptables firewall..."
iptables --flush
iptables --delete-chain

exit 0;
;;

*)
echo "Valid switches: firewall start , firewall stop";

esac;
OTR Comm
2005-10-26 17:19:45 UTC
Hello,

I added these rules to my firewall, and it works fine:

# voip mangle
$IPTABLES -t mangle -A FORWARD -p udp --dport 5060:5069 -j TOS --set-tos Minimize-Delay
$IPTABLES -t mangle -A FORWARD -p tcp --dport 5060:5069 -j TOS --set-tos Minimize-Delay
$IPTABLES -t mangle -A FORWARD -p udp --dport 10000:20000 -j TOS --set-tos Minimize-Delay

I put the voip rules before any tcp or udp rules.

Hope this helps,
Murrah

Goran Tornqvist
2005-10-27 09:53:03 UTC
One last check...won't ask again, promise :)
Does someone know a solution to my problem below?

Best Regards
Goran
Steve Davies
2005-10-27 10:10:25 UTC
I would suggest that you are missing something like:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -j ACCEPT

This will mean that if a UDP packet is sent by * from sport:2345,
dport:5060, then the response (sport:5060, dport:2345) will be allowed
in, whereas at present that is not the case. I cannot say whether this
type of packet will ever be sent, but I always include the rule for
completeness.

Alternatively, add a "LOG" rule, just before the DROP rule, and see
what is being dropped...

Regards,
Steve
Goran Tornqvist
2005-10-28 08:52:47 UTC
Hello,
After further checking I found that when activating the firewall no traffic
is allowed OUT from the box.
Name resolving, http, nothing except ICMP works, even though I added:

iptables -A OUTPUT -p all -j ACCEPT

So I think it's not related to asterisk at all, rather some iptables config
problem...
I'll see if I can fix that problem first...that's maybe the reason why it
doesn't work.

Thanks for your help anyway...

Best Regards
Goran

Goran Tornqvist
2005-11-02 07:16:11 UTC
The simple solution was that I was missing:

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Which caused replies to outgoing traffic to be stopped in the firewall...

So problem wasn't really related to asterisk at all...doh!!!!

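The fix confirmed in the last message, combined with Steve Davies' suggestion of a LOG rule before the DROP, as an added example that is not code from the thread. The names IPT, IFACE, emit_input_rules and replies_allowed are hypothetical, the port list is trimmed to SIP and RTP, and the sample "original" rules are a constructed excerpt of the script posted above.

```shell
#!/bin/sh
# Added example, not code from the thread. IPT, IFACE, emit_input_rules and
# replies_allowed are hypothetical names. IPT defaults to "echo iptables", so
# the rules are only printed; run with IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"
IFACE="${IFACE:-eth0}"

# Corrected INPUT chain, trimmed to the SIP and RTP ports from the thread.
emit_input_rules() {
    # First: replies to traffic this host started (DNS answers, HTTP
    # responses, SIP replies sent back to an ephemeral source port).
    # Newer iptables spells this match "-m conntrack --ctstate".
    $IPT -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p icmp -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p udp --dport 5060 -j ACCEPT
    $IPT -A INPUT -i "$IFACE" -p udp --dport 10000:20000 -j ACCEPT
    # Rate-limited LOG just before the DROP shows what is being discarded.
    $IPT -A INPUT -i "$IFACE" -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
    $IPT -A INPUT -i "$IFACE" -j DROP
}

# Lint: reads "-A INPUT ..." lines on stdin (as printed by `iptables -S INPUT`
# or by emit_input_rules). Succeeds only if an ESTABLISHED accept comes
# before the first DROP that has no port or source match.
replies_allowed() {
    awk '
        /^(iptables )?-A INPUT / {
            if ($0 ~ /--(ct)?state [A-Z,]*ESTABLISHED/ && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /-j DROP/ && $0 !~ /--dport|--sport|--source| -s /) { exit }
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed excerpt of the thread's original INPUT chain (no state rule).
ORIGINAL_RULES='-A INPUT -p icmp -i eth0 -j ACCEPT
-A INPUT -p udp -m udp -i eth0 --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp -i eth0 --dport 10000:20000 -j ACCEPT
-A INPUT -p all -i eth0 -j DROP'

printf '%s\n' "$ORIGINAL_RULES" | replies_allowed \
    || echo "original: replies to outbound traffic hit the final DROP"
emit_input_rules | replies_allowed \
    && echo "corrected: replies are accepted before the DROP"
```

On a live host the same lint can be fed from `iptables -S INPUT`, and the LOG lines appear in the kernel log with the `INPUT-DROP: ` prefix.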