Wednesday, October 03, 2012

Iptables Rule for Asterisk

The default iptables ruleset blocks SIP traffic. To allow it, add the
following rules:

# SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well
iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# RTP - the media stream
# (related to the port range in /etc/asterisk/rtp.conf)
iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

Alternatively, use -I to insert the rules at a specific rule number (the
topmost rule is number 1), so they are evaluated before the rules that
follow them in the chain:
iptables -I INPUT 2 -p udp -m udp --dport 5060 -j ACCEPT
iptables -I INPUT 2 -p udp -m udp --dport 10000:20000 -j ACCEPT
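
The difference between -A and -I matters when the chain already ends in a catch-all REJECT or DROP, because rules are matched top to bottom. The script below is an added example, not part of the original post: it checks whether the SIP and RTP ACCEPT rules sit above such a rule. Both rulesets are constructed samples and `check_udp_rule` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. Both rulesets are constructed samples in `iptables -S INPUT`
# format, assuming a default chain that ends in a catch-all REJECT.

# State after the two -A commands: the new rules land below the REJECT.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT'

# State after the two -I INPUT 2 commands (the second insert pushes the
# first one down to position 3).
SAMPLE_INSERTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# check_udp_rule RULESET DPORT
# Prints "reachable rule=N", "shadowed rule=N by=M" or "missing".
# Only an unconditional REJECT/DROP counts as shadowing; conditional drops
# earlier in the chain are not analysed.
# On a live host: check_udp_rule "$(iptables -S INPUT)" 5060
check_udp_rule() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT / {
            n++
            if (!blk && $0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/) blk = n
            if (!hit && $0 ~ /-p udp / && index($0, " --dport " port " ") \
                && $0 ~ /-j ACCEPT$/) hit = n
        }
        END {
            if (!hit) print "missing"
            else if (blk && blk < hit) print "shadowed rule=" hit " by=" blk
            else print "reachable rule=" hit
        }'
}

for port in 5060 10000:20000; do
    echo "append $port: $(check_udp_rule "$SAMPLE_APPENDED" "$port")"
    echo "insert $port: $(check_udp_rule "$SAMPLE_INSERTED" "$port")"
done
```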

4 comments:

  1. The Cloud Shop offers Cloud Hosted Asterisk in Asia including virtual numbers and SIP lines. Virtual numbers for Hong Kong, Singapore, China, Vietnam, Australia, New Zealand and more.

  2. Cloud Shop web is www.cloudshop.com.hk.

    Also offered is Polycom, SNOM and Yealink IP based phones.

    On premise IP-PBX is Asterisk Switchvox.

  3. I have a problem: I am using Asterisk on a server in a call center, but there is a risk of hacking by someone entering my server over the net (I have a fixed IP address). How can I block remote access to my server? Thank you.

  4. wissem, if you know the hacker's ip x.x.x.x, you can block it by 'iptables -A INPUT -s x.x.x.x -j DROP'.
