From: Michael K. <mic...@ip...> - 2017-10-15 21:33:43
|
Actually just to check. Is this valid: Pass EXT->Local UDP 125.213.160.0/22 5060,16384-17384 Regards Michael Knill -----Original Message----- From: Michael Knill <mic...@ip...> Reply-To: AstLinux List <ast...@li...> Date: Monday, 16 October 2017 at 8:13 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] SIP Provider Firewall Rules Thanks Lonnie. I have learnt something once again Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lo...> Reply-To: AstLinux List <ast...@li...> Date: Saturday, 14 October 2017 at 12:08 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] SIP Provider Firewall Rules On Oct 12, 2017, at 10:27 PM, Michael Knill <mic...@ip...> wrote: > I wondering how I can limit connection to port 5060 to a specific provider IP Address range? > Does a Pass EXT -> Local rule for with a source of the provider IP range deny all others? > > Regards > Michael Knill Yes, only the source address(es) in "Pass EXT->Local" will be allowed. A source address of "0/0" will allow any. As for a "provider IP range" source address you have a few options ... 1) Use a CIDR source address Example: 1.2.3.1/28 -- 1.2.3.1 to 1.2.3.14 -- Tip -> Used "netcalc 1.2.3.4/28" command in AstLinux for help 2) Use DynDNS Host Open plugin (dyndns-host-open) Example: Assuming sip.example.tld has multiple A DNS records for host -- DYNDNS_HOST_OPEN_UDP="sip.example.tld~5060" -- 3) Using Last Octet Range feature of our AIF firewall Example: 1.2.3.4-8 -- 1.2.3.4 to 1.2.3.8 -- Note -> Range only works for the last octet Options listed in my personal order of preference. Lonnie ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |