Iptables fo Asterisk

Source: Internet
Author: User


SIP signalling runs on UDP port 5060. Some other SIP servers may need TCP port 5060 as well.

  • iptables -A INPUT -p udp -m udp --dport 5004:5082 -j ACCEPT

IAX2, the current IAX protocol:

  • iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT

IAX version 1: most installations have switched to IAX2, or ought to.

  • iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT

RTP, the media stream. The lower bound of the range is the rtpstart value from Asterisk's rtp.conf (the page gives only the upper bound, 20000); if the firewall range does not match rtp.conf, calls connect but carry no audio.

  • iptables -A INPUT -p udp -m udp --dport RTPSTART:20000 -j ACCEPT

MGCP, if you use the Media Gateway Control Protocol in your configuration:

  • iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT

Reference: http://www.voip-info.org/wiki-Asterisk+firewall+rules

Iptables details

  • iptables --version checks whether iptables is installed on the system
  • iptables --help shows a quick help
  • man iptables shows the complete description of all commands and options
  • iptables -L (or --list) lists the rule set currently loaded on the system

The general syntax is as follows:

iptables [-t table] command [match] [target]

Table

The filter table is used to filter packets and contains the INPUT, OUTPUT and FORWARD chains. The nat table handles address translation for packets that are forwarded.

Command

Command is the most important part of the iptables command. It tells the iptables command what to do, such as inserting rules, adding rules to the end of the chain, or deleting rules.

  • -A or --append: appends a rule to the end of a chain. For example, iptables -A INPUT -s 210.12.1.23 -j ACCEPT (accept packets from source 210.12.1.23)
  • -D or --delete: deletes a rule from a chain. For example, iptables -D INPUT -p tcp --dport 80 -j DROP (remove the rule that drops packets destined for port 80; --dport is only valid together with -p); iptables -D OUTPUT 3 (delete rule number 3 in the OUTPUT chain)
  • -P or --policy: sets the default policy of a chain (applied to packets that match no other rule). For example, iptables -P INPUT DROP (drop packets that match none of the rules)
  • -N or --new-chain: creates a new chain with the given name. For example, iptables -N allowed-chain
  • -F or --flush: deletes all rules in the named chain, or in all chains if no name is given. For example, iptables -F FORWARD or iptables -F
  • -L or --list: lists all rules in a chain. For example, iptables -L allowed-chain

Match

The optional match part of the iptables command specifies the characteristics (such as source address, destination address and protocol) that a packet must have in order to match the rule.

  • -p or --protocol: matches a specific protocol (tcp, udp, icmp, all); a leading ! negates the match. For example, iptables -A INPUT ! -p icmp (older releases also accept -p ! icmp). Note that -p takes a single protocol, so matching both TCP and UDP requires two rules.
  • -s or --source: matches on the packet's source IP address. For example, iptables -A OUTPUT -s 192.168.1.1; iptables -A OUTPUT -s 192.168.0.0/24 (the whole network from 192.168.0.0 to 192.168.0.255); iptables -A OUTPUT ! -s 203.16.1.89
  • -d or --destination: matches on the packet's destination IP address. For example, iptables -A INPUT -d 192.168.1.1

Target

The target is the action the rule specifies; it is applied to every packet that matches the rule. Besides targets the user defines (user-defined chains), several built-in targets are available:

ACCEPT, DROP, REJECT, RETURN

Example

In this example the rule blocks packets from a specific IP address range, because administrators suspect that many malicious attackers are active in that range (123.456.789.0/24 is a placeholder, not a valid IPv4 address; substitute the real range):

  • iptables -t filter -A INPUT -s 123.456.789.0/24 -j DROP

It is just as easy to block all packets flowing to the attacker's IP range. The command differs only slightly:

  • iptables -t filter -A OUTPUT -d 123.456.789.0/24 -j DROP

Set the default policy for each chain:

  • iptables -P INPUT DROP
  • iptables -P FORWARD DROP
  • iptables -P OUTPUT ACCEPT

Here the -P option sets the chain policy. Only the three built-in chains have a policy. These policies let traffic flow out without restriction but do not let traffic flow in.

Allow packets that arrive on the network interface ppp0 (the Internet interface) with source port 80 to enter your computer:

  • iptables -A INPUT -i ppp0 -p tcp --sport 80 -j ACCEPT

WWW service

  • iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT

Block all TCP connections that your system has not authorized:

  • iptables -t filter -A INPUT -i eth0 -p tcp --syn -j DROP

Here -i names the network interface, -p the protocol, and --syn matches TCP packets with the SYN flag set. SYN is used to initiate a TCP connection; if no server runs on your machine, no SYN packet should be arriving for you.

Save and restore rules

  • iptables-save > iptables-script
  • iptables-restore < iptables-script
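The Asterisk port rules from the top of the page and the default-policy, SYN-drop and established-connection steps above, combined into one script. This is an added example and not code from the original page; it assumes the Internet-facing interface is eth0 and that rtp.conf uses rtpstart=10000 and rtpend=20000 (override with environment variables). With DRY_RUN=1 it only prints the commands, which needs neither root nor iptables.

```shell
#!/bin/sh
# Added example: build the Asterisk INPUT ruleset described on this page.
# Assumed values (constructed for this example): WAN interface eth0,
# rtp.conf rtpstart=10000 / rtpend=20000. Set DRY_RUN=1 to print instead of run.
WAN_IF="${WAN_IF:-eth0}"
RTP_START="${RTP_START:-10000}"   # must match rtpstart in rtp.conf
RTP_END="${RTP_END:-20000}"       # must match rtpend in rtp.conf
IPT="${IPT:-iptables}"

# run: execute the command, or echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# asterisk_rules: default-deny inbound, keep replies to our own traffic,
# then open only the Asterisk ports on the WAN interface.
asterisk_rules() {
    run "$IPT" -F INPUT
    run "$IPT" -P INPUT DROP
    run "$IPT" -P FORWARD DROP
    run "$IPT" -P OUTPUT ACCEPT
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # SIP signalling over UDP (add a TCP 5060 rule only if peers need it)
    run "$IPT" -A INPUT -i "$WAN_IF" -p udp -m udp --dport 5004:5082 -j ACCEPT
    # IAX2 and legacy IAX
    run "$IPT" -A INPUT -i "$WAN_IF" -p udp -m udp --dport 4569 -j ACCEPT
    run "$IPT" -A INPUT -i "$WAN_IF" -p udp -m udp --dport 5036 -j ACCEPT
    # RTP media: a range that disagrees with rtp.conf gives calls with no audio
    run "$IPT" -A INPUT -i "$WAN_IF" -p udp -m udp --dport "$RTP_START:$RTP_END" -j ACCEPT
    # MGCP
    run "$IPT" -A INPUT -i "$WAN_IF" -p udp -m udp --dport 2727 -j ACCEPT
    # Any other new TCP connection attempt is dropped explicitly
    run "$IPT" -A INPUT -i "$WAN_IF" -p tcp --syn -j DROP
}

# count_accept_rules: how many ACCEPT rules the script would install
count_accept_rules() {
    ( DRY_RUN=1; asterisk_rules ) | grep -c -- '-j ACCEPT'
}
```

Run it as root without DRY_RUN to apply the rules, then persist them with iptables-save as shown above.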
