Wednesday, October 03, 2012

Iptables Rule for Asterisk

The default iptables ruleset will block SIP traffic. To allow it, we
need below:

# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# RTP - the media stream
# (related to the port range in /etc/asterisk/rtp.conf)
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

Or we use -I to insert the rules at specified rule number (the topmost
rule is numbered 1)
iptables -I INPUT 2 -p udp -m udp --dport 5060 -j ACCEPT
iptables -I INPUT 2 -p udp -m udp --dport 10000:20000 -j ACCEPT


  1. The Cloud Shop offers Cloud Hosted Asterisk in Asia including virtual numbers and SIP lines. Virtual numbers for Hong Kong, Singapore, China, Vietnam, Australia, New Zealand and more.

  2. Cloud Shop web is

    Also offered is Polycom, SNOM and Yealink IP based phones.

    On premise IP-PBX is Asterisk Switchvox.

  3. i have a problem am using asterisk on a server in a call center..but there risk of hacking with entering in my server by the net(i have a fix ip adress) can block the distant access to my server.thank you

  4. wissem, if you know the hacker's ip x.x.x.x, you can block it by 'iptables -A INPUT -s x.x.x.x -j DROP'.


  5. Thank you very much for your information.
    Australia ETA/eVisitor Visa
    is quiet easy to apply online from Singapore,
    Malaysia, United Kingdom, United States, Canada, France and including all others ETA Eligible Countries from our website.